Bug 1372716 - firewall-cmd --query-* cmds should return valid exit code
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: firewalld
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Assignee: Phil Sutter
QA Contact: Tomas Dolezal
Reported: 2016-09-02 13:06 UTC by Tomas Dolezal
Modified: 2018-04-10 10:31 UTC

Fixed In Version: firewalld-0.4.4.4-11.el7
Last Closed: 2018-04-10 10:30:16 UTC

Links: Red Hat Product Errata RHEA-2018:0702 (Private: 0, Priority: None, Status: None, Summary: None, Last Updated: 2018-04-10 10:31:37 UTC)

Description Tomas Dolezal 2016-09-02 13:06:30 UTC
Description of problem:
When the result of a query is negative, exit code 1 is used. This code is undefined as per man:firewall-cmd(1). While the code is correctly zero/non-zero, 1 is usually the result of a traceback, not a valid operation in firewalld.

Version-Release number of selected component (if applicable):
firewalld-0.4.3.2-6.el7.noarch

How reproducible:
always

Steps to Reproduce:
firewall-cmd --query-service ssh ; echo ec=$?
firewall-cmd --query-service dns ; echo ec=$?
firewall-cmd --query-panic ; echo ec=$?

Actual results:
yes
ec=0
no
ec=1
no
ec=1

Expected results:
yes
ec=0
no
ec=12 <--- CHANGED to NOT_ENABLED
no
ec=12 <--- CHANGED to NOT_ENABLED

Additional info:

Comment 2 Thomas Woerner 2016-09-02 13:59:36 UTC
All query methods have returned either 0 or 1 for a long time already. I do not know if it will be possible to simply change the values without breaking scripts using the current exit codes.

Comment 3 Eric Garver 2017-06-23 17:22:53 UTC
Tomas,

The man page sections for --query-* commands indicate that they may return 1. The 'EXIT CODES' section could be updated to indicate that for --query-* 1 means negative status, otherwise it's due to a traceback.

I agree with Thomas in comment 2 that changing the return code would be problematic. Best we can do is improve the man page. Do you agree?

Comment 4 Tomas Dolezal 2017-06-26 12:15:20 UTC
Hello Eric,
(In reply to Eric Garver from comment #3)
> I agree with Thomas in comment 2 that changing the return code would be
> problematic. Best we can do is improve the man page. Do you agree?
Yes, I agree. The possible change should be done in both downstream and upstream.

Comment 9 errata-xmlrpc 2018-04-10 10:30:16 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:0702
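
Because exit code 1 from a --query-* command can mean either a negative answer or a traceback (comment 3), a script that audits firewall state should not read a bare 1 as "not enabled". The following is an added example, not part of the original bug report or of firewalld: the helpers fw_query and audit_service_closed and the FIREWALL_CMD override variable are hypothetical, and it assumes that a traceback does not print "no" on stdout.

```shell
#!/bin/sh
# Added example. FIREWALL_CMD is a hypothetical override so the helper can be
# pointed at a stub; by default the real firewall-cmd is used.
: "${FIREWALL_CMD:=firewall-cmd}"

# fw_query ARGS...
# Returns 0 = confirmed "yes", 1 = confirmed "no", 2 = state unknown.
# Exit code 1 is accepted as a negative answer only when stdout is exactly
# "no" (assumption: a traceback exits 1 without printing "no" on stdout).
fw_query() {
    _fwq_rc=0
    _fwq_out=$("$FIREWALL_CMD" "$@" 2>/dev/null) || _fwq_rc=$?
    case "$_fwq_rc:$_fwq_out" in
        0:yes) return 0 ;;
        1:no)  return 1 ;;
        *)     return 2 ;;   # traceback, daemon not running, other error code
    esac
}

# audit_service_closed SERVICE
# Passes only when the service is confirmed not enabled; a failed query is
# reported as an error instead of being counted as "not enabled".
audit_service_closed() {
    _asc_rc=0
    fw_query --query-service "$1" || _asc_rc=$?
    case "$_asc_rc" in
        0) echo "FAIL: service $1 is enabled"; return 1 ;;
        1) echo "PASS: service $1 is not enabled"; return 0 ;;
        *) echo "ERROR: could not determine state of service $1"; return 2 ;;
    esac
}
```

The `|| rc=$?` pattern keeps both helpers usable in scripts that run under `set -e`.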

