From e082b8af0836a60d6c7b8f41131df87fe74a8918 Mon Sep 17 00:00:00 2001
From: Michael Boelen <michael.boelen@cisofy.com>
Date: Wed, 8 Mar 2017 21:19:20 +0100
Subject: [PATCH] Updated log

---
 CHANGELOG.md            |  1 +
 include/tests_firewalls | 39 ++++++++++++++++++++++++++++-----------
 2 files changed, 29 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2612152b..74ae80cf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ Tests:
 ------
 * AUTH-9328 - Add missing 0027 and 0077 umasks
 * BOOT-5104 - Add initsplash and minor code enhancements
+* FIRE-4502 - Improved detection for iptables modules when using OpenVZ
 
 ---------------------------------------------------------------------------------
 
diff --git a/include/tests_firewalls b/include/tests_firewalls
index 27883c91..c1fca4ff 100644
--- a/include/tests_firewalls
+++ b/include/tests_firewalls
@@ -27,6 +27,7 @@
 #################################################################################
 #
     IPTABLES_ACTIVE=0
+    IP6TABLES_ACTIVE=0
     IPTABLES_INKERNEL_ACTIVE=0
     IPTABLES_MODULE_ACTIVE=0
     FIREWALL_ACTIVE=0
@@ -47,26 +48,35 @@
             IPTABLES_ACTIVE=1
             IPTABLES_MODULE_ACTIVE=1
             Display --indent 2 --text "- Checking iptables kernel module" --result "${STATUS_FOUND}" --color GREEN
+            Report "firewall_software[]=iptables"
             LogText "Result: Found iptables in loaded kernel modules"
             for I in ${FIND}; do
+                if [ "${I}" = "ip6_tables" ]; then IP6TABLES_ACTIVE=1; Report "firewall_software[]=ip6tables"; fi
                 LogText "Found module: ${I}"
             done
-          else
+        elif [ -f ${ROOTDIR}proc/net/ip_tables_names ]; then
+            FIREWALL_ACTIVE=1
+            FIREWALL_SOFTWARE="iptables"
+            Report "firewall_software[]=iptables"
+            IPTABLES_ACTIVE=1
+            Display --indent 2 --text "- Checking iptables support" --result "${STATUS_FOUND}" --color GREEN
+        elif [ -f ${ROOTDIR}proc/net/ip6_tables_names ]; then
+            FIREWALL_ACTIVE=1
+            IP6TABLES_ACTIVE=1
+            Report "firewall_software[]=ip6tables"
+            Display --indent 2 --text "- Checking ip6tables support" --result "${STATUS_FOUND}" --color GREEN
+        else
             Display --indent 2 --text "- Checking iptables kernel module" --result "${STATUS_NOT_FOUND}" --color WHITE
 
             # If we can't find an active module, try to find the Linux configuration file and check that
-            if [ -f /proc/config.gz ]; then
-                LINUXCONFIGFILE="/proc/config.gz"; tCATCMD="zcat";
-            fi
+            if [ -f /proc/config.gz ]; then LINUXCONFIGFILE="/proc/config.gz"; tCATCMD="zcat"; fi
             sLINUXCONFIGFILE="/boot/config-$(uname -r)"
-            if [ -f ${sLINUXCONFIGFILE} ]; then
-                LINUXCONFIGFILE=${sLINUXCONFIGFILE}; tCATCMD="cat";
-            fi
+            if [ -f ${sLINUXCONFIGFILE} ]; then LINUXCONFIGFILE=${sLINUXCONFIGFILE}; tCATCMD="cat"; fi
 
             # If we have a kernel configuration file, use it for testing
             # Do not perform test if we already found it in kernel module list, to avoid triggered it in the upcoming
             # tests, when using iptables --list
-            if [ ! "${LINUXCONFIGFILE}" = "" ]; then
+            if [ ! -z "${LINUXCONFIGFILE}" ]; then
                 if [ -f ${LINUXCONFIGFILE} -a ${IPTABLES_MODULE_ACTIVE} -eq 0 ]; then
                     LogText "Result: found kernel configuration file (${LINUXCONFIGFILE})"
                     FIND=$(${tCATCMD} ${LINUXCONFIGFILE} | ${GREPBINARY} -v '^#' | ${GREPBINARY} "CONFIG_IP_NF_IPTABLES" | head -n 1)
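Review bot: The two new `/proc/net` checks are chained with `elif`, so when `ip_tables_names` exists the `ip6_tables_names` branch is never evaluated and `IP6TABLES_ACTIVE` stays 0 even if IPv6 filtering is present. On a container host exposing both files, the report would list only iptables, and any later check comparing the two flags would wrongly flag missing IPv6 filtering. Testing both files independently inside one branch avoids this; quoting the `${ROOTDIR}` paths also protects the test against an empty value or one containing spaces. The ip6-only branch sets `FIREWALL_ACTIVE=1` but leaves `FIREWALL_SOFTWARE` unset, which may be intentional but deserves a comment. The enclosing test block starts and ends outside this hunk.

```shell
        elif [ -f "${ROOTDIR}proc/net/ip_tables_names" ] || [ -f "${ROOTDIR}proc/net/ip6_tables_names" ]; then
            FIREWALL_ACTIVE=1
            if [ -f "${ROOTDIR}proc/net/ip_tables_names" ]; then
                FIREWALL_SOFTWARE="iptables"
                IPTABLES_ACTIVE=1
                Report "firewall_software[]=iptables"
                Display --indent 2 --text "- Checking iptables support" --result "${STATUS_FOUND}" --color GREEN
            fi
            if [ -f "${ROOTDIR}proc/net/ip6_tables_names" ]; then
                IP6TABLES_ACTIVE=1
                Report "firewall_software[]=ip6tables"
                Display --indent 2 --text "- Checking ip6tables support" --result "${STATUS_FOUND}" --color GREEN
            fi
        else
            # … unchanged: kernel configuration file fallback …
```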
@@ -81,17 +91,16 @@
                             FIREWALL_ACTIVE=1
                             FIREWALL_SOFTWARE="iptables"
                             Display --indent 2 --text "- Checking iptables in config file" --result "${STATUS_FOUND}" --color GREEN
-                          else
+                        else
                             LogText "Result: no iptables found in Linux kernel config file"
                         fi
-                      else
+                    else
                         LogText "Result: no Linux configuration file found"
                         Display --indent 2 --text "- Checking iptables in config file" --result "${STATUS_NOT_FOUND}" --color WHITE
                     fi
                 fi
             fi
         fi
-        if [ ${IPTABLES_ACTIVE} -eq 1 ]; then Report "firewall_software[]=iptables"; fi
     fi
 #
 #################################################################################
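Review bot: Removing the trailing `if [ ${IPTABLES_ACTIVE} -eq 1 ]; then Report "firewall_software[]=iptables"; fi` appears to leave the kernel-config detection path without any report entry. The branch ending in `Display --indent 2 --text "- Checking iptables in config file"` sets `FIREWALL_ACTIVE=1` and `FIREWALL_SOFTWARE="iptables"`, but no `Report` call is visible there. The lines just above that branch are outside the hunk, so this needs confirming. If it holds, a system with iptables built into the kernel would show a firewall on screen while the report data lists no firewall software. Adding `Report "firewall_software[]=iptables"` next to `FIREWALL_SOFTWARE="iptables"` in that branch would keep the report consistent with the module and `/proc/net` paths.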
@@ -188,6 +197,14 @@
 #
 #################################################################################
 #
+    # Test        : FIRE-4514
+    # Notes       :
+    # Check if ipv6 is active on any network interface
+    # If ip_tables is active, and ip6_tables is not, show warning about missing filtering
+#
+#################################################################################
+#
+
     # Test        : FIRE-4518
     # Description : Checking status of pf firewall components
     # Notes       : Use /dev/pf as first detection method if pf is available
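Review bot: The FIRE-4514 header is added with no test body (the next line is already the FIRE-4518 header), so it reads as documentation for a check that exists. Marking it explicitly would help, e.g. `# Test        : FIRE-4514 (TODO: not implemented)`. The two explanatory lines would also fit better under a `# Description :` label than under the empty `# Notes       :` field, matching the header style FIRE-4518 uses.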