diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh
index 9701560f..906d1dc9 100755
--- a/automated install/basic-install.sh
+++ b/automated install/basic-install.sh
@@ -866,16 +866,17 @@ create_pihole_user() {
 configureFirewall() {
 # Allow HTTP and DNS traffic
- if command -v firewall-cmd &> /dev/null; then
- firewall-cmd --state &> /dev/null && ( echo "::: Configuring firewalld for httpd and dnsmasq.." && firewall-cmd --permanent --add-port=80/tcp && firewall-cmd --permanent --add-port=53/tcp \
- && firewall-cmd --permanent --add-port=53/udp && firewall-cmd --reload) || echo "::: FirewallD not enabled"
- elif command -v iptables &> /dev/null; then
+ if firewall-cmd --state &> /dev/null; then
+ echo "::: Configuring FirewallD for httpd and dnsmasq.."
+ firewall-cmd --permanent --add-port=80/tcp --add-port=53/tcp --add-port=53/udp
+ firewall-cmd --reload
+ elif modinfo ip_tables &> /dev/null && iptables -S INPUT | head -n1 | grep -v "ACCEPT" &> /dev/null ; then
 echo "::: Configuring iptables for httpd and dnsmasq.."
 iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
 iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
 else
- echo "::: No firewall detected.. skipping firewall configuration."
+ echo "::: No active firewall detected.. skipping firewall configuration."
 fi
 }
diff --git a/test/test_automated_install.py b/test/test_automated_install.py
index ee3beeee..58aefe91 100644
--- a/test/test_automated_install.py
+++ b/test/test_automated_install.py
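Review bot: The new iptables test in configureFirewall() (`iptables -S INPUT | head -n1 | grep -v "ACCEPT"`) reads only the chain's default policy, so a ruleset that keeps policy ACCEPT and ends in an explicit REJECT or DROP rule is reported as "No active firewall detected" and ports 80 and 53 stay blocked. Where the policy is not ACCEPT, the unchanged `iptables -A INPUT` lines append after any terminal rule already in the chain, so inserting at the top (`iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT`, likewise for 53) would be more reliable. The firewalld branch also lost the old `&&` chaining, so `firewall-cmd --reload` now runs even when `--add-port` fails. Both branches open 80 and 53 to every source and interface, which on a host with a public address exposes the resolver and the web interface. A comment above the `firewall-cmd --permanent` line such as `# NOTE: ports are opened for all sources; restrict the zone/source on internet-facing hosts` would make that explicit.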
@@ -71,13 +71,11 @@ def test_configureFirewall_firewalld_no_errors(Pihole):
 source /opt/pihole/basic-install.sh
 configureFirewall
 ''')
- expected_stdout = '::: Configuring firewalld for httpd and dnsmasq.'
+ expected_stdout = '::: Configuring FirewallD for httpd and dnsmasq.'
 assert expected_stdout in configureFirewall.stdout
 firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout
 assert 'firewall-cmd --state' in firewall_calls
- assert 'firewall-cmd --permanent --add-port=80/tcp' in firewall_calls
- assert 'firewall-cmd --permanent --add-port=53/tcp' in firewall_calls
- assert 'firewall-cmd --permanent --add-port=53/udp' in firewall_calls
+ assert 'firewall-cmd --permanent --add-port=80/tcp --add-port=53/tcp --add-port=53/udp' in firewall_calls
 assert 'firewall-cmd --reload' in firewall_calls
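Review bot: Nothing in this hunk exercises the iptables branch that the same commit rewrites in configureFirewall(); only the firewalld path is asserted here, and the rest of the test file is outside the hunk, so any coverage there is not visible. A companion test with stubbed `modinfo` and `iptables` commands, one returning `-P INPUT DROP` as the first line and one returning `-P INPUT ACCEPT`, would pin when the ACCEPT rules are added and when "No active firewall detected" is printed. A case where `firewall-cmd --state` fails would likewise confirm that no `--add-port` call is logged. The body of test_configureFirewall_firewalld_no_errors begins above the hunk.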