0

I'm in the process to enable the firewall on a VM. Initially the firewall is in a masked state. I use two functions

function status_firewall() {
  RET_VAL=" "
  STATUS=$(systemctl status firewalld)
  MASKED=$(grep -e "masked" <<< $STATUS)
  M_RET=$?

  DEAD=$(grep -e "dead" <<< $STATUS)
  D_RET=$?
  logging "M_RET and D_RET: $M_RET, $D_RET"
  if [ "${M_RET}" -eq "0" ]; then
    RET_VAL=1
  elif [ "${D_RET}" -eq "0" ]; then
    RET_VAL=2
  else
    RET_VAL=0
  fi
  echo ${RET_VAL}
}

echo statement prints value "1" if firewall is masked

function check_firewall() {
  FIREWALL=$(status_firewall)
  logging "Firewall status in check_firewall: ${FIREWALL}"
  if [ "$(status_firewall)" -eq "0" ]; then
    logging "Firewalld service already running"
    RET_VAL=0
  elif [ "$(status_firewall)" -eq "1" ]; then
     ...
  elif
     ...
  fi

I get the correct MASKED and DEAD status value (0, 0) status_firewall() { ... } However, when checking for the return values in check_firewall() { .. } I get the following integer error: integer expression expected

When checking the return value in: check_firewall() it lists: Firewall status: ● firewalld.service Loaded: masked (/dev/null) Active: inactive (dead)

How come the first function supposedly returns value "1" but in the second function it lists the return value as the output of the command: systemctl status firewalld

Improve this question
10
  • 2
    Don't keep calling the function, use $FIREWALL. Commented Apr 24, 2019 at 15:28
  • 1
    What does logging do? Commented Apr 24, 2019 at 15:29
  • 2
    None of your functions use return values. They just write to stdout. Commented Apr 24, 2019 at 15:32
  • 1
    Change the script to use return codes. return 0 on success and then just if status_firewall; then ... Commented Apr 24, 2019 at 15:39
  • 1
    -eq compares two integers. = compares two strings. Commented Apr 24, 2019 at 16:55

1 Answer 1

Reset to default
6

First, simplify status_firewall by using return values instead of writing to standard output, and use pattern matching in a case statement instead of calling grep.

status_firewall() {
    status=$(systemctl status firewalld)
    case $status in
        *masked*) rv=1 ;;
        *dead*)   rv=2 ;;
        *) rv=0 ;;
    esac
    return $rv
}

Then check_firewall is just a matter of examining the exit status of status_firewall.

check_firewall() {
  status_firewall
  case $? in
    0) logging "Firewalld service already running" ;;
    1) ... ;;
    2) ... ;;
  esac
}

In fact, you can do away with status_firewall altogether:

check_firewall() {
  case $(systemctl status firewalld) in
    *masked*) ... ;;
    *dead*) ... ;;
    *) logging "Firewalld service already running" ;;
  esac
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you for the detailed info. That is some very nice code. Shows me I have a long way to go

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.