rpms / firewalld

Clone
Source Code
GIT

Blame SOURCES/0006-nftables-fix-rich-rule-masquerade.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   c8bceb8bf3db2fe79739fc14eb36252dbd2fa1e2
  2.   SOURCES
  3.   0006-nftables-fix-rich-rule-masquerade.patch
Blob History Raw
c8bceb 
From 681ca12830d89c8b2f527c7ffee7e75ce83f1abc Mon Sep 17 00:00:00 2001
c8bceb 
From: Eric Garver <e@erig.me>
c8bceb 
Date: Wed, 5 Dec 2018 17:16:30 -0500
c8bceb 
Subject: [PATCH 06/23] nftables: fix rich rule masquerade
c8bceb
c8bceb 
(cherry picked from commit aee4948e86fde6df8205b07f4da58e2a8c07377c)
c8bceb 
---
c8bceb 
 src/firewall/core/nftables.py | 7 +++----
c8bceb 
 1 file changed, 3 insertions(+), 4 deletions(-)
c8bceb
c8bceb 
diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
c8bceb 
index 44cd4f9e1752..00a02ad149e5 100644
c8bceb 
--- a/src/firewall/core/nftables.py
c8bceb 
+++ b/src/firewall/core/nftables.py
c8bceb 
@@ -900,7 +900,6 @@ class nftables(object):
c8bceb
c8bceb 
         rule_fragment = []
c8bceb 
         if rich_rule:
c8bceb 
-            rule_fragment += self._rich_rule_family_fragment(rich_rule.family)
c8bceb 
             rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination)
c8bceb 
             rule_fragment += self._rich_rule_source_fragment(rich_rule.source)
c8bceb
c8bceb 
@@ -912,10 +911,10 @@ class nftables(object):
c8bceb 
         # nat tables needs to use ip/ip6 family
c8bceb 
         rules = []
c8bceb 
         if rich_rule and (rich_rule.family and rich_rule.family == "ipv6"
c8bceb 
-           or rich_rule.source and check_address("ipv6", rich_rule.source)):
c8bceb 
+           or rich_rule.source and check_address("ipv6", rich_rule.source.addr)):
c8bceb 
             rules.extend(self._build_zone_masquerade_nat_rules(enable, zone, "ip6", rich_rule))
c8bceb 
-        if rich_rule and (rich_rule.family and rich_rule.family == "ipv4"
c8bceb 
-           or rich_rule.source and check_address("ipv4", rich_rule.source)):
c8bceb 
+        elif rich_rule and (rich_rule.family and rich_rule.family == "ipv4"
c8bceb 
+           or rich_rule.source and check_address("ipv4", rich_rule.source.addr)):
c8bceb 
             rules.extend(self._build_zone_masquerade_nat_rules(enable, zone, "ip", rich_rule))
c8bceb 
         else:
c8bceb 
             rules.extend(self._build_zone_masquerade_nat_rules(enable, zone, "ip6", rich_rule))
c8bceb 
--
c8bceb 
2.20.1
c8bceb

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation