|
 |
63f414 |
From 0ada4672b42c426de1ffc7f3ae2416629225369f Mon Sep 17 00:00:00 2001
|
|
|
63f414 |
From: Eric Garver <eric@garver.life>
|
|
|
63f414 |
Date: Mon, 15 Feb 2021 09:53:02 -0500
|
|
|
63f414 |
Subject: [PATCH 19/22] fix(fw): when checking tables make sure to check the
|
|
|
63f414 |
actual backend
|
|
|
63f414 |
|
|
|
63f414 |
Calling get_backend_by_ipv() will return nftables if we're using
|
|
|
63f414 |
nftables backend, but we really need to check if iptables, et al. are
|
|
|
63f414 |
available.
|
|
|
63f414 |
|
|
|
63f414 |
(cherry picked from commit 48d97fb40929afbc1b0bc82759ad75b1937f6e3f)
|
|
|
63f414 |
(cherry picked from commit fba59a99735ec46d787141350564137abfec0c87)
|
|
|
63f414 |
---
|
|
|
63f414 |
src/firewall/core/fw.py | 12 ++++++------
|
|
|
63f414 |
1 file changed, 6 insertions(+), 6 deletions(-)
|
|
|
63f414 |
|
|
|
63f414 |
diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
|
|
|
63f414 |
index 15284a4929e9..3eb54e37ab5c 100644
|
|
|
63f414 |
--- a/src/firewall/core/fw.py
|
|
|
63f414 |
+++ b/src/firewall/core/fw.py
|
|
|
63f414 |
@@ -131,18 +131,18 @@ class Firewall(object):
|
|
|
63f414 |
def _check_tables(self):
|
|
|
63f414 |
# check if iptables, ip6tables and ebtables are usable, else disable
|
|
|
63f414 |
if self.ip4tables_enabled and \
|
|
|
63f414 |
- "filter" not in self.get_backend_by_ipv("ipv4").get_available_tables():
|
|
|
63f414 |
- log.warning("iptables not usable, disabling IPv4 firewall.")
|
|
|
63f414 |
+ "filter" not in self.ip4tables_backend.get_available_tables():
|
|
|
63f414 |
+ log.info1("iptables is not usable.")
|
|
|
63f414 |
self.ip4tables_enabled = False
|
|
|
63f414 |
|
|
|
63f414 |
if self.ip6tables_enabled and \
|
|
|
63f414 |
- "filter" not in self.get_backend_by_ipv("ipv6").get_available_tables():
|
|
|
63f414 |
- log.warning("ip6tables not usable, disabling IPv6 firewall.")
|
|
|
63f414 |
+ "filter" not in self.ip6tables_backend.get_available_tables():
|
|
|
63f414 |
+ log.info1("ip6tables is not usable.")
|
|
|
63f414 |
self.ip6tables_enabled = False
|
|
|
63f414 |
|
|
|
63f414 |
if self.ebtables_enabled and \
|
|
|
63f414 |
- "filter" not in self.get_backend_by_ipv("eb").get_available_tables():
|
|
|
63f414 |
- log.warning("ebtables not usable, disabling ethernet bridge firewall.")
|
|
|
63f414 |
+ "filter" not in self.ebtables_backend.get_available_tables():
|
|
|
63f414 |
+ log.info1("ebtables is not usable.")
|
|
|
63f414 |
self.ebtables_enabled = False
|
|
|
63f414 |
|
|
|
63f414 |
# is there at least support for ipv4 or ipv6
|
|
|
63f414 |
--
|
|
|
63f414 |
2.27.0
|
|
|
63f414 |
|