--- loncom/configuration/Firewall.pm 2011/02/25 19:41:59 1.8
+++ loncom/configuration/Firewall.pm 2011/05/15 00:49:41 1.11
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Firewall configuration to allow internal LON-CAPA communication between servers
 #
-# $Id: Firewall.pm,v 1.8 2011/02/25 19:41:59 raeburn Exp $
+# $Id: Firewall.pm,v 1.11 2011/05/15 00:49:41 raeburn Exp $
 #
 # The LearningOnline Network with CAPA
 #
@@ -244,8 +244,9 @@ sub firewall_close_port {
 print "Skipped non-numeric port: $portnum\n";
 next;
 }
- print "Closing firewall access on port $port\n";
+ print "Closing firewall access on port $port.\n";
 if (($port ne '') && ($port eq $lond_port)) {
+ my $output;
 foreach my $fw_chain (@okchains) {
 my (@port_error,@command_error,@lond_port_close);
 my %to_close;
@@ -284,17 +285,22 @@ sub firewall_close_port {
 }
 }
 if (@lond_port_close) {
- print "Port closed for ".scalar(@lond_port_close)." IP addresses\n";
+ $output .= "Port closed for ".scalar(@lond_port_close)." IP addresses\n";
 }
 if (@port_error) {
- print "Error closing port for following IP addresses: ".join(', ',@port_error)."\n";
+ $output .= "Error closing port for following IP addresses: ".join(', ',@port_error)."\n";
 }
 if (@command_error) {
- print "Bad command error opening port for following IP addresses: ".
+ $output .= "Bad command error opening port for following IP addresses: ".
 join(', ',@command_error)."\n".
 'Command was: "'."$iptables -D $fw_chain -p tcp -s ".'$ip'." -d 0/0 --dport $port -j ACCEPT".'", where $ip is IP address'."\n";
 }
 }
+ if ($output) {
+ print $output;
+ } else {
+ print "No IP addresses required discontinuation of access.\n";
+ }
 } else {
 foreach my $fw_chain (@okchains) {
 my (@port_error,@command_error,@lond_port_close);
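Review bot: The new `else` branch in the `-284,17 +285,22` hunk prints "No IP addresses required discontinuation of access." whenever `$output` is empty, which is also the case when `@okchains` holds no chains and the `foreach` never ran, so the operator is told nothing needed closing when nothing was inspected. Unless a check outside this hunk already rules that out, guard the summary with `} elsif (@okchains) {` in place of the bare `} else {` and report the missing chains otherwise. The carried-over `@command_error` text still reads "error opening port" inside firewall_close_port; `"Bad command error closing port for following IP addresses: ".` would agree with the `-D` command it quotes. The function starts before and ends after the hunk.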
@@ -369,6 +375,11 @@ sub get_lond_port {
 sub get_fw_chains {
 my ($iptables) = @_;
+ my $distro;
+ if (open(PIPE,"/home/httpd/perl/distprobe|")) {
+ $distro = ;
+ close(PIPE);
+ }
 my @fw_chains;
 my $suse_config = "/etc/sysconfig/SuSEfirewall2";
 my $ubuntu_config = "/etc/ufw/ufw.conf";
@@ -379,12 +390,20 @@ sub get_fw_chains {
 if (-e $ubuntu_config) {
 @posschains = ('ufw-user-input','INPUT');
 } else {
- @posschains = ('RH-Firewall-1-INPUT','INPUT');
+ if ($distro =~ /^(debian|ubuntu|suse|sles)/) {
+ @posschains = ('INPUT');
+ } else {
+ @posschains = ('RH-Firewall-1-INPUT','INPUT');
+ }
 if (!-e '/etc/sysconfig/iptables') {
 if (!-e '/var/lib/iptables') {
- print("Unable to find iptables file containing static definitions\n");
+ unless ($distro =~ /^(debian|ubuntu)/) {
+ print("Unable to find iptables file containing static definitions\n");
+ }
+ }
+ if ($distro =~ /^(fedora|rhes|centos|scientific)/) {
+ push(@fw_chains,'RH-Firewall-1-INPUT');
 }
- push(@fw_chains,'RH-Firewall-1-INPUT');
 }
 }
 if ($iptables eq '') {
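Review bot: `$distro` stays undefined when the `open` fails, and it is then matched against three patterns in the next hunk (`-379,12 +390,20`), which would warn if warnings are enabled and silently selects the Red Hat chain names. Initialising it with `my $distro = '';` avoids that. The pipe is opened with the two-argument form on a bareword handle; the list form `open(my $pipe,'-|','/home/httpd/perl/distprobe')` keeps the handle lexical and keeps the command from ever being parsed as a shell string if the path is later made configurable. Since this module drives iptables it presumably runs with elevated privileges, so it is worth confirming that distprobe and its parent directories are not writable by the web server account, and checking the `close` result so a failing probe is not treated as an empty answer. get_fw_chains continues past the end of the hunk.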
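Review bot: A distro string that matches none of the three hard-coded lists is handled inconsistently in the `-379,12 +390,20` hunk: the first test defaults it to `('RH-Firewall-1-INPUT','INPUT')`, while the last one pushes `RH-Firewall-1-INPUT` only for `fedora|rhes|centos|scientific`, so an unrecognised or empty probe result gets Red Hat candidate chains but no fallback chain and no message when `/var/lib/iptables` exists. The patterns are anchored only at the start, so any value that merely begins with one of these names matches. Computing the family once, e.g. `my $rh_family = ($distro =~ /^(fedora|rhes|centos|scientific)/);`, and adding a comment such as `# distros not listed fall back to RH chain names; confirm this is intended` would make the default explicit. get_fw_chains starts before the hunk and continues after it.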