Facebook
TwitterTITLE:
Bug in plesk firewall script /opt/psa/var/modules/firewall/firewall-active.sh
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:Plesk Onys 17.8.11 on vServer with Ubuntu 16.04.5 LTS
PROBLEM DESCRIPTION:There is a bug in the version checking part of the firewall script /opt/psa/var/modules/firewall/firewall-active.sh
The line: iptables_version=`/sbin/iptables --version | awk -F '.' '{print $2$3}'`
does give the value 60 on version 1.6.0
Thus the version check if [ $iptables_version -gt 420 ] does the comparison [60 -gt 420 ] which of course leads to unwanted behavior.
The else part does the job too but results in an unnecessary longer run time of the script.
Version checking is not an easy task and it is implemented too simple.
Instead of adding a full fledged version comparison it may be it is easier to just check if the -w option is available e.g. by using something like man iptables | grep -- --wait
STEPS TO REPRODUCE:The line: iptables_version=`/sbin/iptables --version | awk -F '.' '{print $2$3}'`
does give the value 60 on version 1.6.0
Thus the version check if [ $iptables_version -gt 420 ] does the comparison [60 -gt 420 ] which of course leads to unwanted behavior.
The else part does the job too but results in an unnecessary longer run time of the script.
Version checking is not an easy task and it is implemented too simple.
Instead of adding a full fledged version comparison it may be it is easier to just check if the -w option is available e.g. by using something like man iptables | grep -- --wait
run script with version 1.6.0
ACTUAL RESULT:always ignores the -w option of iptables on version 1.6.0
EXPECTED RESULT:use the -w option of iptables
ANY ADDITIONAL INFORMATION:see suggested solution
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:Confirm bug
