|
 |
24f428 |
From 1bff55e87dd4a65613222e437f794468b2f70048 Mon Sep 17 00:00:00 2001
|
|
|
24f428 |
From: Eric Garver <eric@garver.life>
|
|
|
24f428 |
Date: Mon, 18 Mar 2019 15:09:19 -0400
|
|
|
24f428 |
Subject: [PATCH 22/23] fw_zone: forward-ports: only enable IP forwarding if
|
|
|
24f428 |
toaddr used
|
|
|
24f428 |
|
|
|
24f428 |
Fixes: #335
|
|
|
24f428 |
Fixes: rhbz 1679610
|
|
|
24f428 |
(cherry picked from commit 01ad269d475f19048085e15178806671a83f6d44)
|
|
|
24f428 |
---
|
|
|
24f428 |
src/firewall/core/fw_zone.py | 5 +++--
|
|
|
24f428 |
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
24f428 |
|
|
|
24f428 |
diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
|
|
|
24f428 |
index db90c32be540..d5eafb863439 100644
|
|
|
24f428 |
--- a/src/firewall/core/fw_zone.py
|
|
|
24f428 |
+++ b/src/firewall/core/fw_zone.py
|
|
|
24f428 |
@@ -1702,7 +1702,7 @@ class FirewallZone(object):
|
|
|
24f428 |
for ipv in ipvs:
|
|
|
24f428 |
if backend.is_ipv_supported(ipv):
|
|
|
24f428 |
self.check_forward_port(ipv, port, protocol, toport, toaddr)
|
|
|
24f428 |
- if enable:
|
|
|
24f428 |
+ if toaddr and enable:
|
|
|
24f428 |
zone_transaction.add_post(enable_ip_forwarding, ipv)
|
|
|
24f428 |
|
|
|
24f428 |
if enable:
|
|
|
24f428 |
@@ -1914,7 +1914,8 @@ class FirewallZone(object):
|
|
|
24f428 |
zone_transaction.add_chain("nat", "PREROUTING")
|
|
|
24f428 |
zone_transaction.add_chain("filter", filter_chain)
|
|
|
24f428 |
|
|
|
24f428 |
- zone_transaction.add_post(enable_ip_forwarding, ipv)
|
|
|
24f428 |
+ if toaddr and enable:
|
|
|
24f428 |
+ zone_transaction.add_post(enable_ip_forwarding, ipv)
|
|
|
24f428 |
backend = self._fw.get_backend_by_ipv(ipv)
|
|
|
24f428 |
rules = backend.build_zone_forward_port_rules(
|
|
|
24f428 |
enable, zone, filter_chain, port, protocol, toport,
|
|
|
24f428 |
--
|
|
|
24f428 |
2.20.1
|
|
|
24f428 |
|