Facebook
TwitterThere is a bug in the version checking part of the firewall script /opt/psa/var/modules/firewall/firewall-active.sh
The line: iptables_version=`/sbin/iptables --version | awk -F '.' '{print $2$3}'`
does return the value 60 on version 1.6.0
Thus the version check if [ $iptables_version -gt 420 ] does the comparison [60 -gt 420 ] which of course leads to unwanted behavior.
The else part does the job too but results in an unnecessary longer run time of the script.
Version checking is not an easy task and it is implemented too optimistic.
May be it is easier to just check if the -w option is available by something like man iptables | grep -- --wait
The line: iptables_version=`/sbin/iptables --version | awk -F '.' '{print $2$3}'`
does return the value 60 on version 1.6.0
Thus the version check if [ $iptables_version -gt 420 ] does the comparison [60 -gt 420 ] which of course leads to unwanted behavior.
The else part does the job too but results in an unnecessary longer run time of the script.
Version checking is not an easy task and it is implemented too optimistic.
May be it is easier to just check if the -w option is available by something like man iptables | grep -- --wait
