|
 |
24f428 |
From 0552d4eb28bfb42f05443ef69d8c0099dd0d9b6d Mon Sep 17 00:00:00 2001
|
|
|
24f428 |
From: Eric Garver <e@erig.me>
|
|
|
24f428 |
Date: Wed, 5 Dec 2018 16:29:49 -0500
|
|
|
24f428 |
Subject: [PATCH 05/23] fw_zone: fix IPv6 rich rule forward-port without toaddr
|
|
|
24f428 |
|
|
|
24f428 |
Using a rich rule with family=ipv6 and no toaddr specified was silently
|
|
|
24f428 |
not applying any rules.
|
|
|
24f428 |
|
|
|
24f428 |
(cherry picked from commit 2210822a2450a7b9ed853593c3d88aca1c43c2fc)
|
|
|
24f428 |
---
|
|
|
24f428 |
src/firewall/core/fw_zone.py | 11 ++---------
|
|
|
24f428 |
1 file changed, 2 insertions(+), 9 deletions(-)
|
|
|
24f428 |
|
|
|
24f428 |
diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
|
|
|
24f428 |
index 816fa50340b3..db90c32be540 100644
|
|
|
24f428 |
--- a/src/firewall/core/fw_zone.py
|
|
|
24f428 |
+++ b/src/firewall/core/fw_zone.py
|
|
|
24f428 |
@@ -1702,17 +1702,10 @@ class FirewallZone(object):
|
|
|
24f428 |
for ipv in ipvs:
|
|
|
24f428 |
if backend.is_ipv_supported(ipv):
|
|
|
24f428 |
self.check_forward_port(ipv, port, protocol, toport, toaddr)
|
|
|
24f428 |
-
|
|
|
24f428 |
- if check_single_address("ipv6", toaddr):
|
|
|
24f428 |
- ipv = "ipv6"
|
|
|
24f428 |
- else:
|
|
|
24f428 |
- ipv = "ipv4"
|
|
|
24f428 |
-
|
|
|
24f428 |
- if not backend.is_ipv_supported(ipv):
|
|
|
24f428 |
- continue
|
|
|
24f428 |
+ if enable:
|
|
|
24f428 |
+ zone_transaction.add_post(enable_ip_forwarding, ipv)
|
|
|
24f428 |
|
|
|
24f428 |
if enable:
|
|
|
24f428 |
- zone_transaction.add_post(enable_ip_forwarding, ipv)
|
|
|
24f428 |
mark_id = self._fw.new_mark()
|
|
|
24f428 |
|
|
|
24f428 |
filter_chain = "INPUT" if not toaddr else "FORWARD_IN"
|
|
|
24f428 |
--
|
|
|
24f428 |
2.20.1
|
|
|
24f428 |
|