Getting active firewall zones fails depending on configuration
Share the context
I'm running the RHEL STIG which I derived from this project, or at least that's my understanding. The Ansible role is called "ansible-role-rhel9-stig-main". I did confirm the issue is in both projects.
Description of problem:
In this project the file: linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/bash/shared.sh
When it gets active zones using:
firewall-cmd --get-active-zones | grep -v interfaces
it can return a list that is not valid, and the next task fails. This command assumes that "interfaces" is the only non-zone line you can get, but you can get things like "sources".
Proposed change:
Change line: readarray -t firewalld_active_zones < <(firewall-cmd --get-active-zones | grep -v interfaces)
to: readarray -t firewalld_active_zones < <(firewall-cmd --get-active-zones | grep -v "^ ")
This will skip all lines that start with a space and give you only active zones.
Thank you,
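The difference between the two filters, as an added example that is not part of the original report or the project's code. It runs both over constructed `firewall-cmd --get-active-zones` output that includes a `sources` binding; the function names and the rule used to flag a non-zone line (it contains whitespace or a colon) are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed sample of `firewall-cmd --get-active-zones` output: zone names
# start in column one, and their bindings are indented underneath.
sample_active_zones() {
    cat <<'EOF'
public
  interfaces: eth0
trusted
  sources: 192.0.2.0/24
EOF
}

# Filter from the current shared.sh: drops only lines mentioning "interfaces".
filter_current() { grep -v interfaces; }

# Filter proposed in the issue: drops every line that starts with a space.
filter_proposed() { grep -v "^ "; }

# Count lines on stdin that cannot be a bare zone name.
# Assumption for this example: a zone name has no whitespace and no colon.
count_invalid() { grep -c '[[:space:]:]' || true; }

# Show what each filter would hand to the remediation as "zones".
echo "current filter:"
sample_active_zones | filter_current | sed 's/^/  [/; s/$/]/'
echo "invalid entries: $(sample_active_zones | filter_current | count_invalid)"

echo "proposed filter:"
sample_active_zones | filter_proposed | sed 's/^/  [/; s/$/]/'
echo "invalid entries: $(sample_active_zones | filter_proposed | count_invalid)"
```

With the current filter the indented `sources` line survives and would be passed on as if it were a zone name; the proposed filter leaves only `public` and `trusted`.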