getting actives firewall zones fails depending on configuration #12476
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Share the context
I'm running the RHEL STIG which I derived from this project or at least that's my understanding. The ansible role is called ansible-role-rhel9-stig-main". I did confirm the issue is in both projects.
Description of problem:
In this project the file: linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/bash/shared.sh
When it gets active zones using: firewall-cmd --get-active-zones | grep -v interfaces
It can return a list that is not valid and the next task fails. This command assumes that "interfaces" is the only non zone line you can get but you can get things like "sources".
Proposed change:
change line: readarray -t firewalld_active_zones < <(firewall-cmd --get-active-zones | grep -v interfaces)
to: readarray -t firewalld_active_zones < <(firewall-cmd --get-active-zones | grep -v "^ ")
This will skip all lines that start with a space and give you only active zones.
Thank you,
The text was updated successfully, but these errors were encountered: