From db7e5f769f3478c29156186632eb1c5bd010815b Mon Sep 17 00:00:00 2001
From: Doc
Date: Mon, 6 Oct 2025 18:42:09 -0400
Subject: [PATCH] revisions of isolation-check

---
 .gitea/workflows/isolate-the-network.sh | 18 ++++-----
 .gitea/workflows/isolation-check.yaml   | 53 +++++++++++++------------
 2 files changed, 37 insertions(+), 34 deletions(-)

diff --git a/.gitea/workflows/isolate-the-network.sh b/.gitea/workflows/isolate-the-network.sh
index 981c10f..4f85cc0 100644
--- a/.gitea/workflows/isolate-the-network.sh
+++ b/.gitea/workflows/isolate-the-network.sh
@@ -49,15 +49,15 @@ done
 # Dont bother allowing intra-subnet traffic for IPv6
-# Deny IPv6 traffic to docker zone
-RULE="rule family=\"ipv6\" source address=\"${ISOLATEDNETv6}\" drop"
-$FWCMD $MKPERMANENT --zone=$DOCKERZONE --add-rich-rule="$RULE"
-
-# Deny isolated ipv6 segment to LAN ipv6
-for addr in $LAN6SUBNETS ; do
-  RULE="rule family=\"ipv4\" source address=\"${ISOLATEDPREFIX}${ISOLATEDSUFFIX}/${ISOLATEDSEGMENT}\" destination address=\"$addr\" drop"
-  $FWCMD $MKPERMANENT --zone=$HOMEZONE --add-rich-rule="$RULE"
-done
+# # Deny IPv6 traffic to docker zone
+# RULE="rule family=\"ipv6\" source address=\"${ISOLATEDNETv6}\" drop"
+# $FWCMD $MKPERMANENT --zone=$DOCKERZONE --add-rich-rule=\'$RULE\'
+#
+# # Deny isolated ipv6 segment to LAN ipv6
+# for addr in $LAN6SUBNETS ; do
+#   RULE="rule family=\"ipv4\" source address=\"${ISOLATEDPREFIX}${ISOLATEDSUFFIX}/${ISOLATEDSEGMENT}\" destination address=\"$addr\" drop"
+#   $FWCMD $MKPERMANENT --zone=$HOMEZONE --add-rich-rule=\'$RULE\'
+# done
 # $FWCMD --reload
diff --git a/.gitea/workflows/isolation-check.yaml b/.gitea/workflows/isolation-check.yaml
index 3e23331..a73edba 100644
--- a/.gitea/workflows/isolation-check.yaml
+++ b/.gitea/workflows/isolation-check.yaml
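Review bot: Commenting out both IPv6 rich rules leaves this script with no IPv6 drop for the isolated segment at all, so if that segment still receives IPv6 addresses (RA/SLAAC or static) it can reach the docker zone and the LAN prefixes over IPv6 while the IPv4 rules, presumably defined earlier in the script, still block it; the surviving comment `# Dont bother allowing intra-subnet traffic for IPv6` now reads as if this is deliberate but gives no reason. Either record the precondition in a comment (`# IPv6 rules disabled: isolated segment has IPv6 disabled via sysctl — re-enable these if that changes`) or keep a single catch-all `rule family="ipv6" source address="${ISOLATEDNETv6}" drop` in both zones. If the block is meant to be revived later, note that the commented copy changed `--add-rich-rule="$RULE"` to `--add-rich-rule=\'$RULE\'`, which passes literal apostrophes and lets `$RULE` word-split into several arguments, and the LAN loop's rule still says `family=\"ipv4\"` while carrying IPv6 addresses, which firewalld should reject; restore `--add-rich-rule="$RULE"` and `family=\"ipv6\"` before un-commenting. The enclosing loop and the commented `--reload` call lie outside this hunk.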
@@ -47,6 +47,29 @@ jobs:
           echo
           cat /etc/resolv.conf
+      - name: Check external IP
+        run: |
+          echo "--- Checking external IP (https://ifconfig.me)"
+          for ignore in errors ; do
+            curl -4 icanhazip.com >/dev/null 2>&1 || echo 'Error getting ipv4' && true
+            curl -6 icanhazip.com >/dev/null 2>&1 || echo "Error getting ipv6" && true
+          done
+
+      - name: Outbound reachability sanity check
+        run: |
+          echo "=== OUTBOUND TEST ==="
+          for addr in https://google.com http://github.com ; do
+            curl -fsSL "$addr" >/dev/null 2>&1 && echo "$addr access OK" || echo "No internet access to $addr?"
+          done
+
+      - name: Traceroute to google.com
+        run: |
+          echo "=== Traceroutes ==="
+          for addr in google.com ; do
+            echo "--- Tracing to $addr ---"
+            traceroute -4 -n $addr
+          done
+
       - name: LAN reachability test
         run: |
           echo "=== LAN REACHABILITY ==="
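Review bot: The "Check external IP" step throws away the address it fetches (`curl -4 icanhazip.com >/dev/null`), so the job log never records the runner's egress IP, which is the one value that shows whether traffic leaves through the isolated segment's NAT or the LAN's; capture it and print it instead. The step header names ifconfig.me while the command queries icanhazip.com, and neither these curls nor `traceroute -4 -n $addr` carry a timeout, so an egress that is blackholed rather than rejected stalls the run for the default probe budget instead of reporting quickly — add `-m 5` as the LAN probe later in this file already does, and `-m 15 -w 2` to traceroute. The `for ignore in errors` wrapper and the trailing `&& true` add nothing; `|| echo …` alone keeps the step from failing if the runner executes `run:` under `bash -e`, which I assume here.
```yaml
      - name: Check external IP
        run: |
          echo "--- Checking external IP (https://icanhazip.com)"
          ip4=$(curl -4 -s -m 5 icanhazip.com) && echo "IPv4: $ip4" || echo 'Error getting ipv4'
          ip6=$(curl -6 -s -m 5 icanhazip.com) && echo "IPv6: $ip6" || echo 'Error getting ipv6'
      # … unchanged: Outbound reachability sanity check step …
      - name: Traceroute to google.com
        run: |
          echo "=== Traceroutes ==="
          for addr in google.com ; do
            echo "--- Tracing to $addr ---"
            traceroute -4 -n -m 15 -w 2 "$addr"
          done
```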
@@ -54,35 +77,15 @@ jobs:
           ip route | grep -E "192\.168|10\.|172\.(1[6-9]|2[0-9]|3[01])" \
             && echo "!! Possible LAN route detected !!" \
             || echo "No direct LAN route found."
+          echo "--- Checking for responses ---"
           for subnet in 192.168.0.1 192.168.1.1 10.0.0.1 172.16.0.1 172.17.0.1 \
             172.18.0.1 172.19.0.1 172.20.0.1 172.21.0.1 172.22.0.1 172.23.0.1 \
             172.24.0.1 192.168.1.185; do
-            ping -4 -n -c 4 $subnet >/dev/null 2>&1 && echo "$subnet ping response"
-            curl -s -m 5 http://$subnet:8098/docker-compose.yaml >/dev/null 2>&1 && echo "HTTP response at $subnet:8098"
-          done
-
-      - name: Check external IP
-        run: |
-          echo "--- Checking external IP (https://ifconfig.me)"
-          for ignore in errors ; do
-            curl -4 icanhazip.com >/dev/null 2>&1
-            curl -6 icanhazip.com >/dev/null 2>&1 || echo "Error getting ipv6" && true
-          done
-
-      - name: Outbound reachability sanity check
-        run: |
-          echo "=== OUTBOUND TEST ==="
-          for addr in https://google.com ; do
-            curl -fsSL "$addr" >/dev/null 2>&1 && echo "$addr access OK" || echo "No internet access to $addr?"
-          done
-
-      - name: Traceroute to google.com
-        run: |
-          echo "=== Traceroutes ==="
-          for addr in google.com ; do
-            echo "--- Tracing to $addr ---"
-            traceroute -4 -n $addr
+            echo -n "$subnet ... "
+            ping -4 -n -c 1 $subnet >/dev/null 2>&1 && echo -n "ping response "
+            curl -m 3 http://$subnet:8098/docker-compose.yaml >/dev/null 2>&1 && echo -n "HTTP response "
+            echo ''
           done
       - name: Process visibility
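Review bot: The rewritten LAN probe loop only echoes `ping response` / `HTTP response` and never changes the step's exit status, so a runner that can reach a LAN gateway or the `:8098/docker-compose.yaml` endpoint still produces a green run — the one outcome an isolation check exists to flag should fail the job. The switch to `ping -c 1` also makes a single lost ICMP reply a false negative, and without `-W` each unanswered probe waits the platform default (10 s on Linux ping), so the 13 sequential targets can hold the step for minutes; `-W 1` bounds that, and `-c 2` restores some tolerance. `$subnet` and the URL are unquoted, which is harmless for these literal addresses but worth fixing while the lines are being touched.
```yaml
          hit=0
          # … unchanged: for subnet in … ; do …
            echo -n "$subnet ... "
            ping -4 -n -c 2 -W 1 "$subnet" >/dev/null 2>&1 && { echo -n "ping response "; hit=1; }
            curl -s -m 3 "http://$subnet:8098/docker-compose.yaml" >/dev/null 2>&1 && { echo -n "HTTP response "; hit=1; }
            echo ''
          done
          if [ "$hit" -ne 0 ]; then echo "!! Runner reached a LAN address — isolation broken !!"; exit 1; fi
```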