|
 |
c8bceb |
From 64d043d8a4fcb1aa9ab0dcfc7c52061cb080e6b9 Mon Sep 17 00:00:00 2001
|
|
|
c8bceb |
From: Eric Garver <e@erig.me>
|
|
|
c8bceb |
Date: Mon, 17 Dec 2018 12:53:30 -0500
|
|
|
c8bceb |
Subject: [PATCH 14/23] nftables: Allow interfaces with wildcards
|
|
|
c8bceb |
|
|
|
c8bceb |
Fixes: rhbz 1644025
|
|
|
c8bceb |
(cherry picked from commit aa01eda4c87dd7b5c1f1e884fc7332c6317fed02)
|
|
|
c8bceb |
---
|
|
|
c8bceb |
src/firewall/core/nftables.py | 7 +++++--
|
|
|
c8bceb |
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
|
c8bceb |
|
|
|
c8bceb |
diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
|
|
|
c8bceb |
index a1cb2c474737..50303e94ed7b 100644
|
|
|
c8bceb |
--- a/src/firewall/core/nftables.py
|
|
|
c8bceb |
+++ b/src/firewall/core/nftables.py
|
|
|
c8bceb |
@@ -475,6 +475,9 @@ class nftables(object):
|
|
|
c8bceb |
"OUTPUT": "oifname",
|
|
|
c8bceb |
}[chain]
|
|
|
c8bceb |
|
|
|
c8bceb |
+ if interface[len(interface)-1] == "+":
|
|
|
c8bceb |
+ interface = interface[:len(interface)-1] + "*"
|
|
|
c8bceb |
+
|
|
|
c8bceb |
target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone)
|
|
|
c8bceb |
if zone_target == DEFAULT_ZONE_TARGET:
|
|
|
c8bceb |
action = "goto"
|
|
|
c8bceb |
@@ -486,10 +489,10 @@ class nftables(object):
|
|
|
c8bceb |
rule = ["add", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES" % (table, chain)]
|
|
|
c8bceb |
else:
|
|
|
c8bceb |
rule = ["delete", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES" % (table, chain)]
|
|
|
c8bceb |
- if interface == "+":
|
|
|
c8bceb |
+ if interface == "*":
|
|
|
c8bceb |
rule += [action, "%s_%s" % (table, target)]
|
|
|
c8bceb |
else:
|
|
|
c8bceb |
- rule += [opt, interface, action, "%s_%s" % (table, target)]
|
|
|
c8bceb |
+ rule += [opt, "\"" + interface + "\"", action, "%s_%s" % (table, target)]
|
|
|
c8bceb |
return [rule]
|
|
|
c8bceb |
|
|
|
c8bceb |
def build_zone_source_address_rules(self, enable, zone, zone_target,
|
|
|
c8bceb |
--
|
|
|
c8bceb |
2.20.1
|
|
|
c8bceb |
|