* Added a check to see if firewalld is running and, if not, start it in System->manage_firewall

Signed-off-by: Digimer <digimer@alteeve.ca>
main
Digimer 7 years ago
parent eaf900d5c3
commit 215d96b983
  1. 3
      AN/Tools.pm
  2. 61
      AN/Tools/System.pm
  3. 2
      AN/an-tools.xml

@ -587,6 +587,9 @@ sub _set_defaults
my ($an) = shift; my ($an) = shift;
$an->data->{sys} = { $an->data->{sys} = {
daemons => {
restart_firewalld => 1,
},
database => { database => {
local_lock_active => 0, local_lock_active => 0,
locking_reap_age => 300, locking_reap_age => 300,
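Review bot: The new `restart_firewalld => 1` default in `_set_defaults` has no comment saying what it controls, although it decides whether `System->manage_firewall` starts a stopped firewalld or leaves the host without one. A one-line comment above the key would do, for example `# 1 = manage_firewall() starts firewalld if it is found stopped; 0 = leave it stopped and log an error.` `_set_defaults` starts and ends outside this hunk.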

@ -446,19 +446,44 @@ sub manage_firewall
# If the port is open and the task is 'check' or 'open', we're done and can return now and save a lot # If the port is open and the task is 'check' or 'open', we're done and can return now and save a lot
# of time. # of time.
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 'task' => $task, 'open' => $open }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { 'task' => $task, 'open' => $open }});
if ((($task eq "check") or ($task eq "open")) && ($open)) if ((($task eq "check") or ($task eq "open")) && ($open))
{ {
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 'open' => $open }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { 'open' => $open }});
return($open); return($open);
} }
# Make sure firewalld is running.
my $firewalld_running = $an->System->check_daemon({daemon => "firewalld"});
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { firewalld_running => $firewalld_running }});
if (not $firewalld_running)
{
if ($an->data->{sys}{daemons}{restart_firewalld})
{
$an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0127"});
my $return_code = $an->System->start_daemon({daemon => "firewalld"});
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { return_code => $return_code }});
if ($return_code)
{
# non-0 means something went wrong.
return("!!error!!");
}
}
else
{
# We've been asked to leave it off.
$an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0128"});
return(0);
}
}
# Before we do anything, what zone is active? # Before we do anything, what zone is active?
my $active_zone = ""; my $active_zone = "";
if (not $active_zone) if (not $active_zone)
{ {
my $shell_call = $an->data->{path}{exe}{'firewall-cmd'}." --get-active-zones"; my $shell_call = $an->data->{path}{exe}{'firewall-cmd'}." --get-active-zones";
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { shell_call => $shell_call }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { shell_call => $shell_call }});
my $output = $an->System->call({shell_call => $shell_call}); my $output = $an->System->call({shell_call => $shell_call});
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { output => $output }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { output => $output }});
@ -550,21 +575,21 @@ sub manage_firewall
{ {
# Map the port to a service, if possible. # Map the port to a service, if possible.
my $service = $an->System->_match_port_to_service({port => $port_number}); my $service = $an->System->_match_port_to_service({port => $port_number});
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { service => $service }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { service => $service }});
# Open the port # Open the port
if ($service) if ($service)
{ {
my $shell_call = $an->data->{path}{exe}{'firewall-cmd'}." --permanent --add-service ".$service; my $shell_call = $an->data->{path}{exe}{'firewall-cmd'}." --permanent --add-service ".$service;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { shell_call => $shell_call }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { shell_call => $shell_call }});
my $output = $an->System->call({shell_call => $shell_call}); my $output = $an->System->call({shell_call => $shell_call});
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { output => $output }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { output => $output }});
if ($output eq "success") if ($output eq "success")
{ {
$open = 1; $open = 1;
$changed = 1; $changed = 1;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 'open' => $open, changed => $changed }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { 'open' => $open, changed => $changed }});
} }
else else
{ {
@ -575,15 +600,15 @@ sub manage_firewall
else else
{ {
my $shell_call = $an->data->{path}{exe}{'firewall-cmd'}." --permanent --add-port ".$port_number."/".$protocol; my $shell_call = $an->data->{path}{exe}{'firewall-cmd'}." --permanent --add-port ".$port_number."/".$protocol;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { shell_call => $shell_call }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { shell_call => $shell_call }});
my $output = $an->System->call({shell_call => $shell_call}); my $output = $an->System->call({shell_call => $shell_call});
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { output => $output }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { output => $output }});
if ($output eq "success") if ($output eq "success")
{ {
$open = 1; $open = 1;
$changed = 1; $changed = 1;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 'open' => $open, changed => $changed }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { 'open' => $open, changed => $changed }});
} }
else else
{ {
@ -596,21 +621,21 @@ sub manage_firewall
{ {
# Map the port to a service, if possible. # Map the port to a service, if possible.
my $service = $an->System->_match_port_to_service({port => $port_number}); my $service = $an->System->_match_port_to_service({port => $port_number});
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { service => $service }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { service => $service }});
# Close the port # Close the port
if ($service) if ($service)
{ {
my $shell_call = $an->data->{path}{exe}{'firewall-cmd'}." --permanent --remove-service ".$service; my $shell_call = $an->data->{path}{exe}{'firewall-cmd'}." --permanent --remove-service ".$service;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { shell_call => $shell_call }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { shell_call => $shell_call }});
my $output = $an->System->call({shell_call => $shell_call}); my $output = $an->System->call({shell_call => $shell_call});
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { output => $output }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { output => $output }});
if ($output eq "success") if ($output eq "success")
{ {
$open = 0; $open = 0;
$changed = 1; $changed = 1;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 'open' => $open, changed => $changed }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { 'open' => $open, changed => $changed }});
} }
else else
{ {
@ -621,15 +646,15 @@ sub manage_firewall
else else
{ {
my $shell_call = $an->data->{path}{exe}{'firewall-cmd'}." --permanent --remove-port ".$port_number."/".$protocol; my $shell_call = $an->data->{path}{exe}{'firewall-cmd'}." --permanent --remove-port ".$port_number."/".$protocol;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { shell_call => $shell_call }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { shell_call => $shell_call }});
my $output = $an->System->call({shell_call => $shell_call}); my $output = $an->System->call({shell_call => $shell_call});
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { output => $output }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { output => $output }});
if ($output eq "success") if ($output eq "success")
{ {
$open = 0; $open = 0;
$changed = 1; $changed = 1;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 'open' => $open, changed => $changed }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { 'open' => $open, changed => $changed }});
} }
else else
{ {
@ -645,7 +670,7 @@ sub manage_firewall
$an->System->reload_daemon({daemon => "firewalld"}); $an->System->reload_daemon({daemon => "firewalld"});
} }
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 'open' => $open }}); $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { 'open' => $open }});
return($open); return($open);
} }
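Review bot: The new failure path `return("!!error!!");` hands back a non-empty string from a method whose other visible exits return `$open` as 0 or 1, so a caller that tests the result for truth would read a failed firewalld start as "port is open". The disabled branch has the mirror problem: `return(0);` cannot be told apart from "port is closed", so a 'close' request looks successful while no firewall is running. Callers are not visible here, so this needs checking against them. At minimum the method's documentation should list the values, e.g. `# Returns 1 (open), 0 (closed, or firewalld left stopped), or "!!error!!" if firewalld could not be started.` The start-failure branch also records only `return_code` at level 3, so a firewall that failed to start is not reported at the default log level. `manage_firewall` starts and ends outside these hunks.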

@ -195,6 +195,8 @@ The database connection error was:
<key name="log_0124">About to query: [#!variable!query!#]</key> <key name="log_0124">About to query: [#!variable!query!#]</key>
<key name="log_0125">Entering method: [#!variable!method!#]</key> <key name="log_0125">Entering method: [#!variable!method!#]</key>
<key name="log_0126">Exiting method: [#!variable!method!#]</key> <key name="log_0126">Exiting method: [#!variable!method!#]</key>
<key name="log_0127">Firewalld was not running, re-enabling it. If you do not want this behaviour, please set 'sys::daemons::restart_firewalld = 0' in the configuration file for this program (or in 'tools.conf').</key>
<key name="log_0128">Firewalld was not running, and 'sys::daemons::restart_firewalld = 0' is set. NOT starting it.</key>
<!-- Test words. Do NOT change unless you update 't/Words.t' or tests will needlessly fail. --> <!-- Test words. Do NOT change unless you update 't/Words.t' or tests will needlessly fail. -->
<key name="t_0000">Test</key> <key name="t_0000">Test</key>
