powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1055 Commits
1 Branch
0 Tags
390 MiB
 
 
 
 
 
 
Tree: 260568e7ec
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '260568e7ec'
${ noResults }
base/SOURCES/bz1402370-portblock-wait.patch

114 lines
3.8 KiB
Raw Blame History

From 14b45df580668220cf97744df93cb9ee5484a14e Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Thu, 8 Dec 2016 11:18:10 +0100
Subject: [PATCH 1/2] portblock: Use -w (wait) to avoid "insufficient
privileges" error
---
heartbeat/portblock | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/heartbeat/portblock b/heartbeat/portblock
index c480954..e7de217 100755
--- a/heartbeat/portblock
+++ b/heartbeat/portblock
@@ -242,7 +242,7 @@ active_grep_pat()
chain_isactive()
{
PAT=`active_grep_pat "$1" "$2" "$3"`
- $IPTABLES -n -L INPUT | grep "$PAT" >/dev/null
+ $IPTABLES -w -n -L INPUT | grep "$PAT" >/dev/null
}
save_tcp_connections()
@@ -370,13 +370,13 @@ IptablesBLOCK()
: OK -- chain already active
else
if $try_reset ; then
- $IPTABLES -I OUTPUT -p "$1" -s "$3" -m multiport --sports "$2" -j REJECT --reject-with tcp-reset
+ $IPTABLES -w -I OUTPUT -p "$1" -s "$3" -m multiport --sports "$2" -j REJECT --reject-with tcp-reset
tickle_local
fi
- $IPTABLES -I INPUT -p "$1" -d "$3" -m multiport --dports "$2" -j DROP
+ $IPTABLES -w -I INPUT -p "$1" -d "$3" -m multiport --dports "$2" -j DROP
rc=$?
if $try_reset ; then
- $IPTABLES -D OUTPUT -p "$1" -s "$3" -m multiport --sports "$2" -j REJECT --reject-with tcp-reset
+ $IPTABLES -w -D OUTPUT -p "$1" -s "$3" -m multiport --sports "$2" -j REJECT --reject-with tcp-reset
fi
fi
@@ -389,7 +389,7 @@ IptablesUNBLOCK()
if
chain_isactive "$1" "$2" "$3"
then
- $IPTABLES -D INPUT -p "$1" -d "$3" -m multiport --dports "$2" -j DROP
+ $IPTABLES -w -D INPUT -p "$1" -d "$3" -m multiport --dports "$2" -j DROP
else
: Chain Not active
fi
From 57d31bc04a0421cf2746830d5e987e52f9f9acd3 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Fri, 9 Dec 2016 13:57:49 +0100
Subject: [PATCH 2/2] portblock: version check for -w
---
heartbeat/portblock | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/heartbeat/portblock b/heartbeat/portblock
index e7de217..92f7071 100755
--- a/heartbeat/portblock
+++ b/heartbeat/portblock
@@ -242,7 +242,7 @@ active_grep_pat()
chain_isactive()
{
PAT=`active_grep_pat "$1" "$2" "$3"`
- $IPTABLES -w -n -L INPUT | grep "$PAT" >/dev/null
+ $IPTABLES $wait -n -L INPUT | grep "$PAT" >/dev/null
}
save_tcp_connections()
@@ -370,13 +370,13 @@ IptablesBLOCK()
: OK -- chain already active
else
if $try_reset ; then
- $IPTABLES -w -I OUTPUT -p "$1" -s "$3" -m multiport --sports "$2" -j REJECT --reject-with tcp-reset
+ $IPTABLES $wait -I OUTPUT -p "$1" -s "$3" -m multiport --sports "$2" -j REJECT --reject-with tcp-reset
tickle_local
fi
- $IPTABLES -w -I INPUT -p "$1" -d "$3" -m multiport --dports "$2" -j DROP
+ $IPTABLES $wait -I INPUT -p "$1" -d "$3" -m multiport --dports "$2" -j DROP
rc=$?
if $try_reset ; then
- $IPTABLES -w -D OUTPUT -p "$1" -s "$3" -m multiport --sports "$2" -j REJECT --reject-with tcp-reset
+ $IPTABLES $wait -D OUTPUT -p "$1" -s "$3" -m multiport --sports "$2" -j REJECT --reject-with tcp-reset
fi
fi
@@ -389,7 +389,7 @@ IptablesUNBLOCK()
if
chain_isactive "$1" "$2" "$3"
then
- $IPTABLES -w -D INPUT -p "$1" -d "$3" -m multiport --dports "$2" -j DROP
+ $IPTABLES $wait -D INPUT -p "$1" -d "$3" -m multiport --dports "$2" -j DROP
else
: Chain Not active
fi
@@ -526,6 +526,15 @@ if [ -z "$OCF_RESKEY_action" ]; then
exit $OCF_ERR_CONFIGURED
fi
+# iptables v1.4.20+ is required to use -w (wait)
+version=$(iptables -V | awk -F ' v' '{print $NF}')
+ocf_version_cmp "$version" "1.4.19.1"
+if [ "$?" -eq "2" ]; then
+ wait="-w"
+else
+ wait=""
+fi
+
protocol=$OCF_RESKEY_protocol
portno=$OCF_RESKEY_portno
action=$OCF_RESKEY_action