This repository has been archived by the owner on Apr 12, 2021. It is now read-only.

Sat6: Check the firewalld xml profile #43

Open

jhutar opened this issue Nov 3, 2016 · 1 comment

Comments

@jhutar
Collaborator

jhutar commented Nov 3, 2016

https://github.com/boogiespook/sat6_healthCheck/blob/master/sat6_healthCheck.sh#L339-L360

function checkFirewalldXML {
    ## Check the firewalld xml profile, suggest and offer to fix it.

    # Count the lines of the firewalld XML that match the port regex; fewer
    # matches than expected means the service definition is incomplete.
    if [ "$(egrep "${FIREWALL_REGEX}" "${FIREWALLD_XML}" | wc -l)" -lt "${EXPECTED_PORTCOUNT}" ]
    then
        printError "Incorrect firewalld manifest detected"
        echo -n "Would you like me to correct it ? [y|N] : "
        read -r yesno
        # Quote $yesno: an empty answer (just Enter) would otherwise expand to
        # "[ == 'y' ]", a syntax error instead of the advertised "N" default.
        if [ "$yesno" == 'y' ]
        then
            echo "Correcting firewalld profile and reloading"
            fixFirewalldProfile
            firewall-cmd --add-service=RH-Satellite-6 --permanent
            firewall-cmd --reload
        else
            printWarning "Leaving the firewalld profile as is"
        fi
    else
        printOK "firewalld xml profile looks ok"
    fi

}
@jhutar
Collaborator Author

jhutar commented Nov 3, 2016

Or maybe:

https://github.com/boogiespook/sat6_healthCheck/blob/master/sat6_healthCheck.sh#L495-L535

function checkFirewallRules {
    echo -e "
###########################
 Checking Firewall Rules
###########################"
    # "systemctl is-active" prints active/inactive/failed/unknown; anything
    # other than "active" means the firewalld chains are not loaded, so skip.
    a=$(systemctl is-active firewalld 2> /dev/null)
    if [[ $a != "active" ]]
    then
        echo "Not checking firewall as it isn't currently running"
        return 1
    else
        iptables -n -L IN_public_allow > "$TMPDIR/iptables"
        # Overwrite rather than append, so a leftover file from an earlier
        # run cannot duplicate the required entries.
        cat << EOF > "$TMPDIR/iptables_required"
tcp dpt:22
tcp dpt:443
tcp dpt:80
tcp dpt:8140
tcp dpt:9090
tcp dpt:8080
udp dpt:67
udp dpt:68
tcp dpt:53
udp dpt:69
udp dpt:53
tcp dpt:5671
tcp dpt:5647
EOF

        while read -r line
        do
            port=$(echo "$line" | awk -F":" '{print $2}')
            proto=$(echo "$line" | awk '{print $1}')
            # -w matches whole words only, so "tcp dpt:80" is not satisfied
            # by a "tcp dpt:8080" rule the way a plain substring match is.
            if (( $(grep -cw -- "$line" "$TMPDIR/iptables") > 0 ))
            then
                printOK "$port ($proto) has been opened"
            else
                printError "$port ($proto) has NOT been opened"
            fi
        done < "$TMPDIR/iptables_required"
    fi
}
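An added example that covers both checks quoted above (the firewalld service XML from the first comment and the IN_public_allow chain from the second) with one required-port list and one exact-match comparison. It is not code from sat6_healthCheck: the service XML, the iptables listing and the required list are constructed for the example, the sed pattern assumes firewalld's own attribute order (protocol before port), and on a real host the two strings would be replaced by the contents of the service file and the output of `iptables -n -L IN_public_allow`.

```shell
#!/bin/sh
# Added example for this issue; it is not code from sat6_healthCheck.
# It audits the same two inputs the quoted functions look at, the firewalld
# service XML and the IN_public_allow chain, against one required-port list,
# reading constructed strings so it runs anywhere, offline.

# Constructed sample in the format of a firewalld service file such as
# /etc/firewalld/services/RH-Satellite-6.xml. "tcp 80" is deliberately absent.
SAMPLE_SERVICE_XML='<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>RH-Satellite-6</short>
  <description>Constructed sample, not the real service definition</description>
  <port protocol="tcp" port="22"/>
  <port protocol="tcp" port="443"/>
  <port protocol="tcp" port="8080"/>
  <port protocol="udp" port="67"/>
</service>'

# Constructed sample of "iptables -n -L IN_public_allow" output. Port 80 is
# closed while 8080 is open, which a substring match would confuse with 80.
SAMPLE_IPTABLES='Chain IN_public_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67 ctstate NEW'

# Required "proto port" pairs; a subset of the list in the second comment.
REQUIRED='tcp 22
tcp 80
tcp 443
tcp 8080
udp 67'

# xml_ports: stdin is a firewalld service XML; print "proto port" for every
# <port .../> element. Assumes firewalld's attribute order (protocol, port).
xml_ports() {
    sed -n 's/.*<port[^>]*protocol="\([a-z]*\)"[^>]*port="\([0-9]*\)".*/\1 \2/p'
}

# iptables_ports: stdin is "iptables -n -L <chain>" output; print "proto port"
# for every ACCEPT rule that carries a "dpt:<port>" match.
iptables_ports() {
    awk '$1 == "ACCEPT" {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^dpt:[0-9]+$/) { sub(/^dpt:/, "", $i); print $2, $i }
    }'
}

# missing_ports REQUIRED OPEN: print each line of REQUIRED that is not a whole
# line of OPEN. -x forces a whole-line match, so "tcp 80" is not satisfied by
# "tcp 8080"; -F compares literally instead of as a regex.
missing_ports() {
    required=$1
    open=$2
    printf '%s\n' "$required" | while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        printf '%s\n' "$open" | grep -qxF -- "$rule" || printf '%s\n' "$rule"
    done
}

# audit_ports LABEL REQUIRED OPEN: report in the style of the quoted
# printOK/printError lines; returns 1 if anything is missing, else 0.
audit_ports() {
    label=$1
    missing=$(missing_ports "$2" "$3")
    if [ -z "$missing" ]; then
        echo "OK      $label: every required port is present"
        return 0
    fi
    printf '%s\n' "$missing" | sed "s/^/MISSING $label: /"
    return 1
}

# Stand-alone run over the constructed samples. On a real Satellite host the
# two strings would be the service file and the live chain listing, read only
# after "systemctl is-active firewalld" prints "active" (not just != "unknown").
overall=0
audit_ports "service XML" "$REQUIRED" \
    "$(printf '%s\n' "$SAMPLE_SERVICE_XML" | xml_ports)" || overall=1
audit_ports "IN_public_allow" "$REQUIRED" \
    "$(printf '%s\n' "$SAMPLE_IPTABLES" | iptables_ports)" || overall=1
echo "overall: $overall (0 = all required ports open)"
```

Both samples report `tcp 80` as missing and nothing else, because the whole-line match in `missing_ports` does not let the open 8080 rule stand in for 80; the quoted `grep -c "$line"` substring test would have reported 80 as open.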
