From e09e5b3e53c27ab469cc5629a65930cc461d4769 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Tue, 1 Aug 2023 23:21:25 +0200
Subject: [PATCH] IS_MINIFW: better detection of minifirewall status
---
 linux/CHANGELOG | 4 +++-
 linux/evocheck.sh | 13 +++++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/linux/CHANGELOG b/linux/CHANGELOG
index 834b42c..3eefdde 100644
--- a/linux/CHANGELOG
+++ b/linux/CHANGELOG
@@ -4,8 +4,9 @@ and this project **does not adhere to [Semantic Versioning](http://semver.org/sp ## [Unreleased] ### Added -* IS_OLDPUB: pub.evolix.net has been supersed by pub.evolix.org since Stretch +* IS_MINIFW: better detection of minifirewall status +* IS_OLDPUB: pub.evolix.net has been supersed by pub.evolix.org since Stretch ### Changed ### Deprecated
@@ -13,6 +14,7 @@ and this project **does not adhere to [Semantic Versioning](http://semver.org/sp ### Removed ### Fixed + * IS_BINDCHROOT: fix /etc/default path for Debian >= 11 (renamed from bind9 to named) ### Security
diff --git a/linux/evocheck.sh b/linux/evocheck.sh
index 55ffbe4..352e717 100755
--- a/linux/evocheck.sh
+++ b/linux/evocheck.sh
@@ -281,8 +281,17 @@ check_alert5minifw() {
 fi
 }
 check_minifw() {
- /sbin/iptables -L -n | grep -q -E "^ACCEPT\s*(all|0)\s*--\s*31\.170\.8\.4\s*0\.0\.0\.0/0\s*$" \
- || failed "IS_MINIFW" "minifirewall seems not started"
+ {
+ if [ -f /etc/systemd/system/minifirewall.service ]; then
+ systemctl is-active minifirewall > /dev/null 2>&1
+ else
+ if test -x /usr/share/scripts/minifirewall_status; then
+ /usr/share/scripts/minifirewall_status > /dev/null 2>&1
+ else
+ /sbin/iptables -L -n 2> /dev/null | grep -q -E "^(DROP\s+(udp|17)|ACCEPT\s+(icmp|1))\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$"
+ fi
+ fi
+ } || failed "IS_MINIFW" "minifirewall seems not started"
 }
 check_minifw_includes() {
 if is_debian_bullseye; then
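Review bot: In the first branch of check_minifw, `systemctl is-active minifirewall` reports the unit's state rather than the rules loaded in the kernel, so if the unit is a oneshot that stays active after its start script exits (the unit file is not visible here, worth confirming), a ruleset flushed afterwards or a partially failed start would still pass IS_MINIFW. The removed check at least inspected the live ruleset. Consider keeping a ruleset probe in that branch, e.g. `systemctl is-active minifirewall > /dev/null 2>&1 && /sbin/iptables -L -n 2> /dev/null | grep -q -E "$minifw_rule_re"`, with the fallback pattern held in a variable (`minifw_rule_re` is a name constructed for this note). The fallback pattern itself matches any any-to-any `DROP udp` or `ACCEPT icmp` rule, so it shows that some ruleset is present rather than minifirewall's own; a short comment above the grep saying so would keep the next reader from over-trusting it.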