--- loncom/configuration/Firewall.pm 2011/04/26 03:43:17 1.9 +++ loncom/configuration/Firewall.pm 2014/03/17 14:47:46 1.14 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Firewall configuration to allow internal LON-CAPA communication between servers # -# $Id: Firewall.pm,v 1.9 2011/04/26 03:43:17 raeburn Exp $ +# $Id: Firewall.pm,v 1.14 2014/03/17 14:47:46 bisitz Exp $ # # The LearningOnline Network with CAPA # @@ -35,6 +35,7 @@ package LONCAPA::Firewall; use strict; use lib '/home/httpd/perl/lib'; use LONCAPA::Configuration; +use LONCAPA; sub firewall_open_port { my ($iptables,$fw_chains,$lond_port,$iphost,$ports) = @_; @@ -50,7 +51,7 @@ sub firewall_open_port { } } if (!@okchains) { - return 'None of the chain names has the expected format'."\n"; + return 'None of the chain names has the expected format.'."\n"; } if (ref($ports) ne 'ARRAY') { return 'List of ports to open needed.'; @@ -60,7 +61,7 @@ sub firewall_open_port { if ($portnum =~ /^(\d+)$/) { $port = $1; } else { - print "Skipped non-numeric port: $portnum\n"; + print "Skipped non-numeric port: $portnum.\n"; next; } print "Opening firewall access on port $port.\n"; @@ -83,9 +84,11 @@ sub firewall_open_port { if (($1<=255) && ($2<=255) && ($3<=255) && ($4<=255)) { $ip = "$1.$2.$3.$4"; } else { + print "IP address: $key does not have expected format.\n"; next; } } else { + print "IP address: $key does not have expected format.\n"; next; } if ($curropen{$ip}) { 
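Review bot: The two prints added in the sibling `else` branches of the address check emit identical text, so the log cannot tell an entry that failed the dotted-quad match from one whose octet exceeded 255; the inner branch, guarded by `($1<=255) && ($2<=255) && ($3<=255) && ($4<=255)`, should say what it rejected, e.g. `print "IP address: $key has an octet greater than 255.\n";`. The regex that populates `$1`..`$4` and the start of firewall_open_port are outside this hunk. Both messages go to STDOUT alongside the progress lines, so if anything parses this output there is no distinct marker for a malformed iphost entry; prefixing them with `Skipped`, as the non-numeric port message does, would keep the skip diagnostics consistent.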
@@ -109,19 +112,23 @@ sub firewall_open_port { } } } + } else { + print "no key found in $iphost hash ref\n"; } + } else { + print "$iphost is not a reference to a hash\n"; } if (@lond_port_curropen) { unless (grep(/^\Q$port\E$/,@opened)) { push(@opened,$port); } - print "Port already open for ".scalar(@lond_port_curropen)." IP addresses\n"; + print "Port already open for ".scalar(@lond_port_curropen)." IP addresses.\n"; } if (@lond_port_open) { unless (grep(/^\Q$port\E$/,@opened)) { push(@opened,$port); } - print "Port opened for ".scalar(@lond_port_open)." IP addresses\n"; + print "Port opened for ".scalar(@lond_port_open)." IP addresses.\n"; } if (@port_error) { print "Error opening port for following IP addresses: ".join(', ',@port_error)."\n"; @@ -231,7 +238,7 @@ sub firewall_close_port { } } if (!@okchains) { - return 'None of the chain names has the expected format'."\n"; + return 'None of the chain names has the expected format.'."\n"; } if (ref($ports) ne 'ARRAY') { return 'List of ports to close needed.'; @@ -244,8 +251,9 @@ sub firewall_close_port { print "Skipped non-numeric port: $portnum\n"; next; } - print "Closing firewall access on port $port\n"; + print "Closing firewall access on port $port.\n"; if (($port ne '') && ($port eq $lond_port)) { + my $output; foreach my $fw_chain (@okchains) { my (@port_error,@command_error,@lond_port_close); my %to_close; 
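Review bot: Both new `else` diagnostics interpolate `$iphost` itself, which for a hash reference stringifies to `HASH(0x...)` and otherwise prints the raw argument, so `no key found in $iphost hash ref` will never read as intended; name the parameter instead, e.g. `print "No keys found in the iphost hash ref.\n";` and `print "The iphost argument is not a hash reference.\n";`. These two messages are also the only ones in this function that the commit leaves without a trailing period. The condition these `else` branches belong to is outside the hunk; after the not-a-hash message the code falls through to the `@lond_port_curropen`/`@lond_port_open` reporting, presumably with empty lists, so a bad argument ends silently, and whether an early return would be better depends on callers not in view.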
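Review bot: The `Skipped non-numeric port: $portnum\n` line at the top of this hunk was left without the trailing period that this same commit gives its twin in firewall_open_port, so the two functions now report the same condition differently; change it to `print "Skipped non-numeric port: $portnum.\n";`. The new `my $output;` is declared before a `foreach` over `@okchains` that runs past the end of the hunk; initializing it as `my $output = '';` makes the later `if ($output)` test read as an explicit empty-report check rather than relying on undef being false.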
@@ -284,17 +292,22 @@ sub firewall_close_port { } } if (@lond_port_close) { - print "Port closed for ".scalar(@lond_port_close)." IP addresses\n"; + $output .= "Port closed for ".scalar(@lond_port_close)." IP addresses.\n"; } if (@port_error) { - print "Error closing port for following IP addresses: ".join(', ',@port_error)."\n"; + $output .= "Error closing port for following IP addresses: ".join(', ',@port_error)."\n"; } if (@command_error) { - print "Bad command error opening port for following IP addresses: ". + $output .= "Bad command error opening port for following IP addresses: ". join(', ',@command_error)."\n". 'Command was: "'."$iptables -D $fw_chain -p tcp -s ".'$ip'." -d 0/0 --dport $port -j ACCEPT".'", where $ip is IP address'."\n"; } } + if ($output) { + print $output; + } else { + print "No IP addresses required discontinuation of access.\n"; + } } else { foreach my $fw_chain (@okchains) { my (@port_error,@command_error,@lond_port_close); @@ -340,7 +353,7 @@ sub firewall_close_anywhere { system($firewall_command); my $return_status = $?>>8; if ($return_status == 1) { - print 'Error closing port '.$port.' for source "anywhere"'."\n"; + print 'Error closing port '.$port.' for source "anywhere".'."\n"; } elsif ($return_status == 2) { print 'Bad command error closing port '.$port.' for source "anywhere". Command was'."\n". ' '.$firewall_command."\n"; @@ -369,17 +382,7 @@ sub get_lond_port { sub get_fw_chains { my ($iptables) = @_; - my $perlvarref=&LONCAPA::Configuration::read_conf(); - my $distro; - if (ref($perlvarref) eq 'HASH') { - my $path = $perlvarref->{'lonDaemons'}; - if ($path) { - if (open(PIPE,"$path/distprobe|")) { - $distro = ; - close(PIPE); - } - } - } + my $distro = &LONCAPA::distro(); my @fw_chains; my $suse_config = "/etc/sysconfig/SuSEfirewall2"; my $ubuntu_config = "/etc/ufw/ufw.conf"; 
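Review bot: The bad-command line this hunk rewrites to append to `$output` still says `Bad command error opening port` although it sits in firewall_close_port and describes an `iptables -D` deletion, so the accumulated report mislabels the failure; change the literal to `'Bad command error closing port for following IP addresses: '`. The `foreach my $fw_chain (@okchains)` loop these appends live in starts outside the hunk, and `$output` is printed once after it ends, so a failure in one chain is now reported together with the results of every other chain rather than as it happens; that is acceptable but worth stating above `if ($output) {`, e.g. `# Report for all chains is deferred until every chain has been processed.`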
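Review bot: `my $distro = &LONCAPA::distro();` uses the `&` call form, which is discouraged in modern Perl because it bypasses prototype processing and suggests the `&sub;` argument-passing quirk; write it as `my $distro = LONCAPA::distro();`. If `LONCAPA::distro()` can return undef on an unrecognised system (its body is not in view), the later pattern matches against `$distro` in this function would run on an undefined value; the removed probe code had the same gap, so this is a good point to close it with `$distro = '' unless defined $distro;` after the call, which also avoids uninitialized-value warnings if warnings are enabled.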
@@ -398,7 +401,7 @@ sub get_fw_chains { if (!-e '/etc/sysconfig/iptables') { if (!-e '/var/lib/iptables') { unless ($distro =~ /^(debian|ubuntu)/) { - print("Unable to find iptables file containing static definitions\n"); + print("Unable to find iptables file containing static definitions.\n"); } } if ($distro =~ /^(fedora|rhes|centos|scientific)/) { @@ -438,7 +441,7 @@ sub get_pathto_iptables { } elsif (-e '/usr/sbin/iptables') { $iptables = '/usr/sbin/iptables'; } else { - print("Unable to find iptables command\n"); + print("Unable to find iptables command.\n"); } return $iptables; }