loncom/configuration/Firewall.pm - diff

Return to Firewall.pm CVS log

Up to [LON-CAPA] / loncom / configuration

Diff for /loncom/configuration/Firewall.pm between versions 1.6 and 1.16

version 1.6, 2010/03/25 01:47:45	version 1.16, 2018/12/12 03:34:04
Line 35 package LONCAPA::Firewall;	Line 35 package LONCAPA::Firewall;
use strict;	use strict;
use lib '/home/httpd/perl/lib';	use lib '/home/httpd/perl/lib';
use LONCAPA::Configuration;	use LONCAPA::Configuration;
	use LONCAPA;

	sub uses_firewalld {
	my ($distro) = @_;
	if ($distro eq '') {
	$distro = &get_distro();
	}
	my ($inuse, $checkfirewalld);
	if ($distro =~ /^(suse\|sles)([\d\.]+)$/) {
	if (($1 eq 'sles') && ($2 >= 15)) {
	$checkfirewalld = 1;
	}
	} elsif ($distro =~ /^fedora(\d+)$/) {
	if ($1 >= 18) {
	$checkfirewalld = 1;
	}
	} elsif ($distro =~ /^(?:centos\|rhes\|scientific)(\d+)/) {
	if ($1 >= 7) {
	$checkfirewalld = 1;
	}
	}
	if ($checkfirewalld) {
	my ($loaded,$active);
	if (open(PIPE,"systemctl status firewalld 2>&1 \|")) {
	while (<PIPE>) {
	chomp();
	if (/^\s*Loaded:\s+(\w+)/) {
	$loaded = $1;
	}
	if (/^\s*Active\s+(\w+)/) {
	$active = $1;
	}
	}
	close(PIPE);
	}
	if (($loaded eq 'loaded') \|\| ($active eq 'active')) {
	$inuse = 1;
	}
	}
	return $inuse;
	}

sub firewall_open_port {	sub firewall_open_port {
my ($iptables,$fw_chains,$lond_port,$iphost,$ports) = @_;	my ($iptables,$fw_chains,$lond_port,$iphost,$ports) = @_;
Line 50 sub firewall_open_port {	Line 91 sub firewall_open_port {
}	}
}	}
if (!@okchains) {	if (!@okchains) {
return 'None of the chain names has the expected format'."\n";	return 'None of the chain names has the expected format.'."\n";
}	}
if (ref($ports) ne 'ARRAY') {	if (ref($ports) ne 'ARRAY') {
return 'List of ports to open needed.';	return 'List of ports to open needed.';
}	}
	my $firewalld = &uses_firewalld();
foreach my $portnum (@{$ports}) {	foreach my $portnum (@{$ports}) {
my $port = '';	my $port = '';
if ($portnum =~ /^(\d+)$/) {	if ($portnum =~ /^(\d+)$/) {
$port = $1;	$port = $1;
} else {	} else {
print "Skipped non-numeric port: $portnum\n";	print "Skipped non-numeric port: $portnum.\n";
next;	next;
}	}
print "Opening firewall access on port $port.\n";	print "Opening firewall access on port $port.\n";
Line 83 sub firewall_open_port {	Line 125 sub firewall_open_port {
if (($1<=255) && ($2<=255) && ($3<=255) && ($4<=255)) {	if (($1<=255) && ($2<=255) && ($3<=255) && ($4<=255)) {
$ip = "$1.$2.$3.$4";	$ip = "$1.$2.$3.$4";
} else {	} else {
	print "IP address: $key does not have expected format.\n";
next;	next;
}	}
} else {	} else {
	print "IP address: $key does not have expected format.\n";
next;	next;
}	}
if ($curropen{$ip}) {	if ($curropen{$ip}) {
push(@lond_port_curropen,$ip);	push(@lond_port_curropen,$ip);
} else {	} else {
foreach my $fw_chain (@okchains) {	foreach my $fw_chain (@okchains) {
my $firewall_command =	if ($firewalld) {
"$iptables -I $fw_chain -p tcp -s $ip -d 0/0 --dport $port -j ACCEPT";	my $cmd = 'firewall-cmd --zone=public --add-rich-rule \'rule family="ipv4" source address="'.$ip.'/32" port port="'.$port.'" protocol="tcp" accept\'';
system($firewall_command);	if (open(PIPE,"$cmd \|")) {
my $return_status = $?>>8;	my $result = <PIPE>;
if ($return_status == 1) {	chomp($result);
unless(grep(/^\Q$ip\E$/,@port_error)) {	close(PIPE);
	if ($result eq 'success') {
	push(@lond_port_open,$ip);
	last;
	} else {
	push (@port_error,$ip);
	}
	} else {
push (@port_error,$ip);	push (@port_error,$ip);
}	}
} elsif ($return_status == 2) {	} else {
push(@{$command_error{$fw_chain}},$ip);	my $firewall_command =
} elsif ($return_status == 0) {	"$iptables -I $fw_chain -p tcp -s $ip -d 0/0 --dport $port -j ACCEPT";
push(@lond_port_open,$ip);	system($firewall_command);
last;	my $return_status = $?>>8;
	if ($return_status == 1) {
	unless(grep(/^\Q$ip\E$/,@port_error)) {
	push (@port_error,$ip);
	}
	} elsif ($return_status == 2) {
	push(@{$command_error{$fw_chain}},$ip);
	} elsif ($return_status == 0) {
	push(@lond_port_open,$ip);
	last;
	}
}	}
}	}
}	}
}	}
	} else {
	print "no key found in $iphost hash ref\n";
}	}
	} else {
	print "$iphost is not a reference to a hash\n";
}	}
if (@lond_port_curropen) {	if (@lond_port_curropen) {
unless (grep(/^\Q$port\E$/,@opened)) {	unless (grep(/^\Q$port\E$/,@opened)) {
push(@opened,$port);	push(@opened,$port);
}	}
print "Port already open for ".scalar(@lond_port_curropen)." IP addresses\n";	print "Port already open for ".scalar(@lond_port_curropen)." IP addresses.\n";
}	}
if (@lond_port_open) {	if (@lond_port_open) {
unless (grep(/^\Q$port\E$/,@opened)) {	unless (grep(/^\Q$port\E$/,@opened)) {
push(@opened,$port);	push(@opened,$port);
}	}
print "Port opened for ".scalar(@lond_port_open)." IP addresses\n";	print "Port opened for ".scalar(@lond_port_open)." IP addresses.\n";
}	}
if (@port_error) {	if (@port_error) {
print "Error opening port for following IP addresses: ".join(', ',@port_error)."\n";	print "Error opening port for following IP addresses: ".join(', ',@port_error)."\n";
Line 140 sub firewall_open_port {	Line 205 sub firewall_open_port {
} else {	} else {
my (@port_errors,%command_errors);	my (@port_errors,%command_errors);
foreach my $fw_chain (@okchains) {	foreach my $fw_chain (@okchains) {
my $firewall_command =	if ($firewalld) {
"$iptables -I $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT";	my $cmd = 'firewall-cmd --zone=public --add-rich-rule \'rule family="ipv4" port port="'.$port.'" protocol="tcp" accept\'';
system($firewall_command);	if (open(PIPE,"$cmd \|")) {
my $return_status = $?>>8;	my $result = <PIPE>;
if ($return_status == 1) {	chomp($result);
push(@port_errors,$fw_chain);	close(PIPE);
} elsif ($return_status == 2) {	if ($result eq 'success') {
$command_errors{$fw_chain} = $firewall_command;	push(@opened,$port);
} elsif ($return_status == 0) {	last;
push(@opened,$port);	} else {
last;	push(@port_errors,$fw_chain);
	}
	} else {
	push(@port_errors,$fw_chain);
	}
	} else {
	my $firewall_command =
	"$iptables -I $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT";
	system($firewall_command);
	my $return_status = $?>>8;
	if ($return_status == 1) {
	push(@port_errors,$fw_chain);
	} elsif ($return_status == 2) {
	$command_errors{$fw_chain} = $firewall_command;
	} elsif ($return_status == 0) {
	push(@opened,$port);
	last;
	}
}	}
}	unless (grep(/^\Q$port\E$/,@opened)) {
unless (grep(/^\Q$port\E$/,@opened)) {	if (@port_errors) {
if (@port_errors) {	print "Error opening port for chains: ".
print "Error opening port for chains: ".	join(', ',@port_errors).".\n";
join(', ',@port_errors).".\n";	}
}	if (keys(%command_errors)) {
if (keys(%command_errors)) {	foreach my $fw_chain (sort(keys(%command_errors))) {
foreach my $fw_chain (sort(keys(%command_errors))) {	print "Bad command error opening port for chain: $fw_chain. Command was\n".
print "Bad command error opening port for chain: $fw_chain. Command was\n".	" ".$command_errors{$fw_chain}."\n";
" ".$command_errors{$fw_chain}."\n";	}
}	}
}	}
}	}
Line 183 sub firewall_is_port_open {	Line 265 sub firewall_is_port_open {
# check if firewall is active or installed	# check if firewall is active or installed
return if (! &firewall_is_active());	return if (! &firewall_is_active());
my $count = 0;	my $count = 0;
if (open(PIPE,"$iptables -L $fw_chain -n 2>/dev/null \|")) {	if (open(PIPE,"$iptables -L $fw_chain -n \|")) {
while(<PIPE>) {	while(<PIPE>) {
if ($port eq $lond_port) {	if ($port eq $lond_port) {
if (ref($iphost) eq 'HASH') {	if (ref($iphost) eq 'HASH') {
if (/^ACCEPT\s+tcp\s+\-{2}\s+([\S]+)\s+/) {	if (/^ACCEPT\s+tcp\s+\-{2}\s+(\S+)\s+\S+\s+tcp\s+dpt\:\Q$port\E/) {
my $ip = $1;	my $ip = $1;
if ($iphost->{$ip}) {	if ($iphost->{$ip}) {
$count ++;	$count ++;
Line 210 sub firewall_is_port_open {	Line 292 sub firewall_is_port_open {
}	}

sub firewall_is_active {	sub firewall_is_active {
	my $status = 0;
if (-e '/proc/net/ip_tables_names') {	if (-e '/proc/net/ip_tables_names') {
return 1;	if (open(PIPE,'cat /proc/net/ip_tables_names \|')) {
} else {	while(<PIPE>) {
return 0;	chomp();
	if (/^filter$/) {
	$status = 1;
	last;
	}
	}
	close(PIPE);
	}
}	}
	return $status;
}	}

sub firewall_close_port {	sub firewall_close_port {
my ($iptables,$fw_chains,$lond_port,$ports) = @_;	my ($iptables,$fw_chains,$lond_port,$iphost,$ports) = @_;
return 'inactive firewall' if (!&firewall_is_active());	return 'inactive firewall' if (!&firewall_is_active());
return 'port number unknown' if !$lond_port;	return 'port number unknown' if !$lond_port;
return 'invalid firewall chain' unless (ref($fw_chains) eq 'ARRAY');	return 'invalid firewall chain' unless (ref($fw_chains) eq 'ARRAY');
Line 231 sub firewall_close_port {	Line 322 sub firewall_close_port {
}	}
}	}
if (!@okchains) {	if (!@okchains) {
return 'None of the chain names has the expected format'."\n";	return 'None of the chain names has the expected format.'."\n";
}	}
if (ref($ports) ne 'ARRAY') {	if (ref($ports) ne 'ARRAY') {
return 'List of ports to close needed.';	return 'List of ports to close needed.';
}	}
	my $firewalld = &uses_firewalld();
foreach my $portnum (@{$ports}) {	foreach my $portnum (@{$ports}) {
my $port = '';	my $port = '';
if ($portnum =~ /^(\d+)$/) {	if ($portnum =~ /^(\d+)$/) {
Line 244 sub firewall_close_port {	Line 336 sub firewall_close_port {
print "Skipped non-numeric port: $portnum\n";	print "Skipped non-numeric port: $portnum\n";
next;	next;
}	}
print "Closing firewall access on port $port\n";	print "Closing firewall access on port $port.\n";
if (($port ne '') && ($port eq $lond_port)) {	if (($port ne '') && ($port eq $lond_port)) {
	my $output;
foreach my $fw_chain (@okchains) {	foreach my $fw_chain (@okchains) {
my (@port_error,@command_error,@lond_port_close);	my (@port_error,@command_error,@lond_port_close);
my %to_close;	my %to_close;
if (open(PIPE, "$iptables -n -L $fw_chain \|")) {	if (open(PIPE, "$iptables -n -L $fw_chain \|")) {
while (<PIPE>) {	while (<PIPE>) {
chomp();	chomp();
next unless (/dpt:\Q$port\E\s*$/);	next unless (/dpt:\Q$port\E/);
if (/^ACCEPT\s+tcp\s+\-{2}\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+/) {	if (/^ACCEPT\s+tcp\s+\-{2}\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+/) {
$to_close{$1} = $port;	my $ip = $1;
	my $keepopen = 0;
	if (ref($iphost) eq 'HASH') {
	if (exists($iphost->{$ip})) {
	$keepopen = 1;
	}
	}
	unless ($keepopen) {
	$to_close{$ip} = $port;
	}
}	}
}	}
close(PIPE);	close(PIPE);
}	}
if (keys(%to_close) > 0) {	if (keys(%to_close) > 0) {
foreach my $ip (keys(%to_close)) {	foreach my $ip (keys(%to_close)) {
my $firewall_command =	if ($firewalld) {
"$iptables -D $fw_chain -p tcp -s $ip -d 0/0 --dport $port -j ACCEPT";	my $cmd = 'firewall-cmd --zone=public --remove-rich-rule \'rule family="ipv4" source address="'.$ip.'/32" port port="'.$port.'" protocol="tcp" accept\'';
system($firewall_command);	if (open(PIPE,"$cmd \|")) {
my $return_status = $?>>8;	my $result = <PIPE>;
if ($return_status == 1) {	chomp($result);
push (@port_error,$ip);	close(PIPE);
} elsif ($return_status == 2) {	if ($result eq 'success') {
push(@command_error,$ip);	push(@lond_port_close,$ip);
} elsif ($return_status == 0) {	} else {
push(@lond_port_close,$ip);	push(@port_error,$ip);
	}
	} else {
	push(@port_error,$ip);
	}
	} else {
	my $firewall_command =
	"$iptables -D $fw_chain -p tcp -s $ip -d 0/0 --dport $port -j ACCEPT";
	system($firewall_command);
	my $return_status = $?>>8;
	if ($return_status == 1) {
	push (@port_error,$ip);
	} elsif ($return_status == 2) {
	push(@command_error,$ip);
	} elsif ($return_status == 0) {
	push(@lond_port_close,$ip);
	}
}	}
}	}
}	}
if (@lond_port_close) {	if (@lond_port_close) {
print "Port closed for ".scalar(@lond_port_close)." IP addresses\n";	$output .= "Port closed for ".scalar(@lond_port_close)." IP addresses.\n";
}	}
if (@port_error) {	if (@port_error) {
print "Error closing port for following IP addresses: ".join(', ',@port_error)."\n";	$output .= "Error closing port for following IP addresses: ".join(', ',@port_error)."\n";
}	}
if (@command_error) {	if (@command_error) {
print "Bad command error opening port for following IP addresses: ".	$output .= "Bad command error opening port for following IP addresses: ".
join(', ',@command_error)."\n".	join(', ',@command_error)."\n".
'Command was: "'."$iptables -D $fw_chain -p tcp -s ".'$ip'." -d 0/0 --dport $port -j ACCEPT".'", where $ip is IP address'."\n";	'Command was: "'."$iptables -D $fw_chain -p tcp -s ".'$ip'." -d 0/0 --dport $port -j ACCEPT".'", where $ip is IP address'."\n";
}	}
}	}
	if ($output) {
	print $output;
	} else {
	print "No IP addresses required discontinuation of access.\n";
	}
} else {	} else {
foreach my $fw_chain (@okchains) {	foreach my $fw_chain (@okchains) {
my (@port_error,@command_error,@lond_port_close);	my (@port_error,@command_error,@lond_port_close);
Line 293 sub firewall_close_port {	Line 416 sub firewall_close_port {
if (open(PIPE, "$iptables -n -L $fw_chain \|")) {	if (open(PIPE, "$iptables -n -L $fw_chain \|")) {
while (<PIPE>) {	while (<PIPE>) {
chomp();	chomp();
next unless (/dpt:\Q$port\E\s*$/);	next unless (/dpt:\Q$port\E/);
$to_close = 1;	$to_close = 1;
}	}
close(PIPE);	close(PIPE);
}	}
if ($to_close) {	if ($to_close) {
my $firewall_command =	if ($firewalld) {
"$iptables -D $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT";	my $cmd = 'firewall-cmd --zone=public --remove-rich-rule \'rule family="ipv4" port port="'.$port.'" protocol="tcp" accept\'';
system($firewall_command);	if (open(PIPE,"$cmd\|")) {
my $return_status = $?>>8;	my $result = <PIPE>;
if ($return_status == 1) {	chomp($result);
# Error	close(PIPE);
print "Error closing port for chain: $fw_chain.\n";	if ($result eq 'success') {
} elsif ($return_status == 2) {	print "Port closed for chain $fw_chain.\n";
# Bad command	} else {
print "Bad command error closing port. Command was\n".	print "Error closing port for chain: $fw_chain.\n";
" ".$firewall_command."\n";	}
	} else {
	print "Error closing port for chain: $fw_chain.\n";
	}
} else {	} else {
print "Port closed for chain $fw_chain.\n";	my $firewall_command =
	"$iptables -D $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT";
	system($firewall_command);
	my $return_status = $?>>8;
	if ($return_status == 1) {
	# Error
	print "Error closing port for chain: $fw_chain.\n";
	} elsif ($return_status == 2) {
	# Bad command
	print "Bad command error closing port. Command was\n".
	" ".$firewall_command."\n";
	} else {
	print "Port closed for chain $fw_chain.\n";
	}
}	}
}	}
}	}
Line 322 sub firewall_close_port {	Line 461 sub firewall_close_port {

sub firewall_close_anywhere {	sub firewall_close_anywhere {
my ($iptables,$fw_chain,$port) = @_;	my ($iptables,$fw_chain,$port) = @_;
	my $firewalld = &uses_firewalld();
if (open(PIPE, "$iptables --line-numbers -n -L $fw_chain \|")) {	if (open(PIPE, "$iptables --line-numbers -n -L $fw_chain \|")) {
while (<PIPE>) {	while (<PIPE>) {
next unless (/dpt:\Q$port\E/);	next unless (/dpt:\Q$port\E/);
chomp();	chomp();
if (/^(\d+)\s+ACCEPT\s+tcp\s+\-{2}\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0/) {	if (/^(\d+)\s+ACCEPT\s+tcp\s+\-{2}\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0/) {
my $firewall_command = "$iptables -D $fw_chain $1";	if ($firewalld) {
system($firewall_command);	my $cmd = 'firewall-cmd --remove-port='.$port.'/tcp';
my $return_status = $?>>8;	if (open(PIPE,"$cmd \|")) {
if ($return_status == 1) {	my $result = <PIPE>;
print 'Error closing port '.$port.' for source "anywhere"'."\n";	chomp($result);
} elsif ($return_status == 2) {	close(PIPE);
print 'Bad command error closing port '.$port.' for source "anywhere". Command was'."\n".	if ($result eq 'success') {
' '.$firewall_command."\n";	print 'Port '.$port.' closed for source "anywhere"'."\n";
	} else {
	print 'Error closing port '.$port.' for source "anywhere".'."\n";
	}
	} else {
	print 'Error closing port '.$port.' for source "anywhere".'."\n";
	}
} else {	} else {
print 'Port '.$port.' closed for source "anywhere"'."\n";	my $firewall_command = "$iptables -D $fw_chain $1";
	system($firewall_command);
	my $return_status = $?>>8;
	if ($return_status == 1) {
	print 'Error closing port '.$port.' for source "anywhere".'."\n";
	} elsif ($return_status == 2) {
	print 'Bad command error closing port '.$port.' for source "anywhere". Command was'."\n".
	' '.$firewall_command."\n";
	} else {
	print 'Port '.$port.' closed for source "anywhere"'."\n";
	}
}	}
}	}
}	}
Line 359 sub get_lond_port {	Line 515 sub get_lond_port {
}	}

sub get_fw_chains {	sub get_fw_chains {
my ($iptables) = @_;	my ($iptables,$distro) = @_;
	if ($distro eq '') {
	$distro = &get_distro();
	}
my @fw_chains;	my @fw_chains;
my $suse_config = "/etc/sysconfig/SuSEfirewall2";	my $suse_config = "/etc/sysconfig/SuSEfirewall2";
if (-e $suse_config) {	my $ubuntu_config = "/etc/ufw/ufw.conf";
	if (&uses_firewalld($distro)) {
	push(@fw_chains,'IN_public_allow');
	} elsif (-e $suse_config) {
push(@fw_chains,'input_ext');	push(@fw_chains,'input_ext');
} else {	} else {
if (!-e '/etc/sysconfig/iptables') {	my @posschains;
if (!-e '/var/lib/iptables') {	if (-e $ubuntu_config) {
print("Unable to find iptables file containing static definitions\n");	@posschains = ('ufw-user-input','INPUT');
	} else {
	if ($distro =~ /^(debian\|ubuntu\|suse\|sles)/) {
	@posschains = ('INPUT');
	} elsif ($distro =~ /^(fedora\|rhes\|centos\|scientific)(\d+)$/) {
	if ((($1 eq 'fedora') && ($2 > 15)) \|\| (($1 ne 'fedora') && ($2 >= 7))) {
	@posschains = ('INPUT');
	} else {
	@posschains = ('RH-Firewall-1-INPUT','INPUT');
	}
	}
	if (!-e '/etc/sysconfig/iptables') {
	if (!-e '/var/lib/iptables') {
	unless ($distro =~ /^(debian\|ubuntu)/) {
	print("Unable to find iptables file containing static definitions.\n");
	}
	}
	if ($distro =~ /^(fedora\|rhes\|centos\|scientific)(\d+)$/) {
	unless ((($1 eq 'fedora') && ($2 > 15)) \|\| (($1 ne 'fedora') && ($2 >= 7))) {
	push(@fw_chains,'RH-Firewall-1-INPUT');
	}
	}
}	}
push(@fw_chains,'RH-Firewall-1-INPUT');
}	}
if ($iptables eq '') {	if ($iptables eq '') {
$iptables = &get_pathto_iptables();	$iptables = &get_pathto_iptables();
}	}
my %counts;	my %counts;
my @posschains = ('RH-Firewall-1-INPUT','INPUT');
if (open(PIPE,"$iptables -L -n \|")) {	if (open(PIPE,"$iptables -L -n \|")) {
while(<PIPE>) {	while(<PIPE>) {
foreach my $chain (@posschains) {	foreach my $chain (@posschains) {
Line 388 sub get_fw_chains {	Line 569 sub get_fw_chains {
}	}
foreach my $fw_chain (@posschains) {	foreach my $fw_chain (@posschains) {
if ($counts{$fw_chain}) {	if ($counts{$fw_chain}) {
push(@fw_chains,$fw_chain);	unless(grep(/^\Q$fw_chain\E$/,@fw_chains)) {
	push(@fw_chains,$fw_chain);
	}
}	}
}	}
}	}
Line 402 sub get_pathto_iptables {	Line 585 sub get_pathto_iptables {
} elsif (-e '/usr/sbin/iptables') {	} elsif (-e '/usr/sbin/iptables') {
$iptables = '/usr/sbin/iptables';	$iptables = '/usr/sbin/iptables';
} else {	} else {
print("Unable to find iptables command\n");	print("Unable to find iptables command.\n");
}	}
return $iptables;	return $iptables;
}	}

	sub get_distro {
	my $distro;
	if (open(PIPE,"/home/httpd/perl/distprobe \|")) {
	$distro = <PIPE>;
	close(PIPE);
	}
	return $distro;
	}

1;	1;
__END__	__END__

Line 421 B<LONCAPA::Firewall> - dynamic opening/c	Line 613 B<LONCAPA::Firewall> - dynamic opening/c
use lib '/home/httpd/lib/perl/';	use lib '/home/httpd/lib/perl/';
use LONCAPA::Firewall;	use LONCAPA::Firewall;

	LONCAPA::Firewall::uses_firewalld();
LONCAPA::Firewall::firewall_open_port();	LONCAPA::Firewall::firewall_open_port();
LONCAPA::Firewall::firewall_close_port();	LONCAPA::Firewall::firewall_close_port();
LONCAPA::Firewall::firewall_is_port_open();	LONCAPA::Firewall::firewall_is_port_open();
Line 440 The following methods are available:	Line 633 The following methods are available:

=over 4	=over 4

	=item LONCAPA::Firewall::uses_firewalld( $distro );

	=back

	=over 4

=item LONCAPA::Firewall::firewall_open_port( $iptables,$fw_chains,$lond_port,$iphost,$port );	=item LONCAPA::Firewall::firewall_open_port( $iptables,$fw_chains,$lond_port,$iphost,$port );

=back	=back

=over 4	=over 4

=item LONCAPA::Firewall::firewall_close_port( $iptables,$fw_chains,$lond_port,$ports );	=item LONCAPA::Firewall::firewall_close_port( $iptables,$fw_chains,$lond_port,$iphost,$ports );

=back	=back

Line 476 The following methods are available:	Line 675 The following methods are available:

=over 4	=over 4

=item LONCAPA::Firewall::get_fw_chains();	=item LONCAPA::Firewall::get_fw_chains( $iptables,$distro );

=back	=back

Line 484 The following methods are available:	Line 683 The following methods are available:

=item LONCAPA::Firewall::get_pathto_iptables();	=item LONCAPA::Firewall::get_pathto_iptables();

	=back

	=over 4

	=item LONCAPA::Firewall::get_distro();

	=back

=head1 AUTHORS	=head1 AUTHORS

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.6
changed lines
	Added in v.1.16