From 28fe1dfaad358ebdba0e1599816d2748a8cb3a5a Mon Sep 17 00:00:00 2001
From: Mark Gurevich <gurevich@us.ibm.com>
Date: Fri, 23 Apr 2021 14:49:56 -0400
Subject: [PATCH] Improve xcatprobe check for firewall

---
 xCAT-probe/lib/perl/probe_utils.pm | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/xCAT-probe/lib/perl/probe_utils.pm b/xCAT-probe/lib/perl/probe_utils.pm
index 6fbf59cd5..fa31e84e7 100644
--- a/xCAT-probe/lib/perl/probe_utils.pm
+++ b/xCAT-probe/lib/perl/probe_utils.pm
@@ -282,15 +282,11 @@ sub is_firewall_open {
 
     my $output = `iptables -nvL -t filter 2>&1`;
 
-    `echo "$output" |grep "Chain INPUT (policy ACCEPT" > /dev/null  2>&1`;
-    $rst = 1 if ($?);
-
-    `echo "$output" |grep "Chain FORWARD (policy ACCEPT" > /dev/null  2>&1`;
-    $rst = 1 if ($?);
-
-    `echo "$output" |grep "Chain OUTPUT (policy ACCEPT" > /dev/null  2>&1`;
-    $rst = 1 if ($?);
-
+    if ($output =~ /DROP|RETURN/) {
+        # If output contains DROP or RETURN rules, assume firewall
+        # is blocking some traffic
+        $rst=1;
+    }
     return $rst;
 }