From 575dcec0cd97af26623975cbc43564d25b91b346 Mon Sep 17 00:00:00 2001 From: abrychcy Date: Wed, 12 Feb 2025 19:49:22 +0100 Subject: [PATCH 1/2] Update portblock: improve version detection of iptables The awk script does not remove suffixes after the version string. ocf_version_cmp fails to compare this string. wait option will never be added if (nf_tables) or (legacy) is present after vX.Y.Z --- heartbeat/portblock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/heartbeat/portblock b/heartbeat/portblock index 450e37208..ea22f76a6 100755 --- a/heartbeat/portblock +++ b/heartbeat/portblock @@ -618,7 +618,7 @@ if [ -z "$OCF_RESKEY_action" ]; then fi # iptables v1.4.20+ is required to use -w (wait) -version=$(iptables -V | awk -F ' v' '{print $NF}') +version=$(iptables -V | grep -oE '[0-9]+(\.[0-9]+)+') ocf_version_cmp "$version" "1.4.19.1" if [ "$?" -eq "2" ]; then wait="-w" From 938867b0c4a77448403961b94aa04f9a34c72b11 Mon Sep 17 00:00:00 2001 From: abrychcy Date: Thu, 13 Feb 2025 19:16:26 +0100 Subject: [PATCH 2/2] simplify iptables version string regex --- heartbeat/portblock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/heartbeat/portblock b/heartbeat/portblock index ea22f76a6..2fca0f893 100755 --- a/heartbeat/portblock +++ b/heartbeat/portblock @@ -618,7 +618,7 @@ if [ -z "$OCF_RESKEY_action" ]; then fi # iptables v1.4.20+ is required to use -w (wait) -version=$(iptables -V | grep -oE '[0-9]+(\.[0-9]+)+') +version=$(iptables -V | grep -oE '[0-9]+[\.0-9]+') ocf_version_cmp "$version" "1.4.19.1" if [ "$?" -eq "2" ]; then wait="-w"