CP-40754 The firewall-port script returns true if port 80 is blocked and false if it is closed, this is captured in set_https_only to update the DB based on the tate of the network not the requested setting should there be a failure

jameshensmancitrix · jameshensmancitrix · commit e341b42f7c0c · 2022-10-05T14:18:04.000+01:00
Signed-off-by: jameshensmancitrix &lt;james.hensman@citrix.com&gt;
diff --git a/ocaml/xapi/xapi_host.ml b/ocaml/xapi/xapi_host.ml
@@ -2928,6 +2928,7 @@ let apply_updates ~__context ~self ~hash =
 
 let set_https_only ~__context ~self ~value =
   let state = match value with true -> "close" | false -> "open" in
-  ignore
-  @@ Helpers.call_script !Xapi_globs.firewall_port_config_script [state; "80"] ;
-  Db.Host.set_https_only ~__context ~self ~value
+  let network_state =
+    Helpers.call_script !Xapi_globs.firewall_port_config_script [state; "80"]
+  in
+  Db.Host.set_https_only ~__context ~self ~value:(bool_of_string network_state)
diff --git a/scripts/plugins/firewall-port b/scripts/plugins/firewall-port
@@ -52,5 +52,13 @@ case "${OP}" in
         exit 1
         ;;
 esac
+
+if [[ -z `iptables -S $CHAIN | grep " $PORT "` ]]
+    then
+        echo true
+        else
+        echo false
+fi
+
 exit 0
 
