|
 |
21c891 |
From 8c2afad1a02de4018e8f5f4caabbd0211be9fe80 Mon Sep 17 00:00:00 2001
|
|
|
21c891 |
From: Eric Garver <e@erig.me>
|
|
|
21c891 |
Date: Wed, 5 Dec 2018 19:11:06 -0500
|
|
|
21c891 |
Subject: [PATCH 12/34] nftables: fix ipv6 rich rule forward-ports
|
|
|
21c891 |
|
|
|
21c891 |
The were mistakenly being added to the ipv4 nat tables as well.
|
|
|
21c891 |
|
|
|
21c891 |
Fixes: #422
|
|
|
21c891 |
Fixes: b630abd8e901 ("backend: introduce nftables support")
|
|
|
21c891 |
(cherry picked from commit 628657cdafa7ba3217fb031c748f5a7d32924c90)
|
|
|
21c891 |
(cherry picked from commit d293fbeb583c273120ad1172fa953493324b2228)
|
|
|
21c891 |
---
|
|
|
21c891 |
src/firewall/core/nftables.py | 2 +-
|
|
|
21c891 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
21c891 |
|
|
|
21c891 |
diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
|
|
|
21c891 |
index 00a02ad149e5..a1cb2c474737 100644
|
|
|
21c891 |
--- a/src/firewall/core/nftables.py
|
|
|
21c891 |
+++ b/src/firewall/core/nftables.py
|
|
|
21c891 |
@@ -980,7 +980,7 @@ class nftables(object):
|
|
|
21c891 |
or toaddr and check_single_address("ipv6", toaddr)):
|
|
|
21c891 |
rules.extend(self._build_zone_forward_port_nat_rules(enable, zone,
|
|
|
21c891 |
protocol, mark_fragment, toaddr, toport, "ip6"))
|
|
|
21c891 |
- if rich_rule and (rich_rule.family and rich_rule.family == "ipv4"
|
|
|
21c891 |
+ elif rich_rule and (rich_rule.family and rich_rule.family == "ipv4"
|
|
|
21c891 |
or toaddr and check_single_address("ipv4", toaddr)):
|
|
|
21c891 |
rules.extend(self._build_zone_forward_port_nat_rules(enable, zone,
|
|
|
21c891 |
protocol, mark_fragment, toaddr, toport, "ip"))
|
|
|
21c891 |
--
|
|
|
21c891 |
2.18.0
|
|
|
21c891 |
|