From 845b0d5875fc1561ea291feb38a4247523066b31 Mon Sep 17 00:00:00 2001
From: Felix Kaechele <heffer@fedoraproject.org>
Date: Sat, 23 Mar 2019 13:30:47 -0400
Subject: [PATCH 26/73] rich rules: fix Rich_Mark logic
We are looking to compare the type, not the object.
Without this fix ipXtables will only mark the very first packet of a connection.
Signed-off-by: Felix Kaechele <heffer@fedoraproject.org>
(cherry picked from commit 12e281ae870d278f2260adfe6b9f6a5f7b059b87)
(cherry picked from commit 0900bec8c1bcbe9dee444c7466b30686679c3bf1)
---
 src/firewall/core/ipXtables.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py
136e2c
index 4f04ac41f6a0..c21dc47457b3 100644
136e2c
--- a/src/firewall/core/ipXtables.py
136e2c
+++ b/src/firewall/core/ipXtables.py
136e2c
@@ -870,7 +870,7 @@ class ip4tables(object):
136e2c
         if rich_rule:
136e2c
             rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination)
136e2c
             rule_fragment += self._rich_rule_source_fragment(rich_rule.source)
136e2c
-        if not rich_rule or rich_rule.action != Rich_Mark:
136e2c
+        if not rich_rule or type(rich_rule.action) != Rich_Mark:
136e2c
             rule_fragment += [ "-m", "conntrack", "--ctstate", "NEW,UNTRACKED" ]
136e2c
 
136e2c
         rules = []
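Review bot: The new condition `type(rich_rule.action) != Rich_Mark` compares the exact type, so an action whose class derives from Rich_Mark (should one ever be added) would again receive `--ctstate NEW,UNTRACKED` and only the first packet of a connection would be marked; `if not rich_rule or not isinstance(rich_rule.action, Rich_Mark):` states the intent and is the idiomatic check. The same line is repeated in the hunks at -895 and -923, and the three identical conditions could share one small helper so they cannot drift apart again. A short comment above the check, for example `# mark rules must match every packet, not only NEW/UNTRACKED ones`, would record why the conntrack match is skipped for this action. The enclosing methods start and end outside the hunks, so how the rule fragment is used afterwards is not visible here.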
136e2c
@@ -895,7 +895,7 @@ class ip4tables(object):
136e2c
         if rich_rule:
136e2c
             rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination)
136e2c
             rule_fragment += self._rich_rule_source_fragment(rich_rule.source)
136e2c
-        if not rich_rule or rich_rule.action != Rich_Mark:
136e2c
+        if not rich_rule or type(rich_rule.action) != Rich_Mark:
136e2c
             rule_fragment += [ "-m", "conntrack", "--ctstate", "NEW,UNTRACKED" ]
136e2c
 
136e2c
         rules = []
136e2c
@@ -923,7 +923,7 @@ class ip4tables(object):
136e2c
         if rich_rule:
136e2c
             rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination)
136e2c
             rule_fragment += self._rich_rule_source_fragment(rich_rule.source)
136e2c
-        if not rich_rule or rich_rule.action != Rich_Mark:
136e2c
+        if not rich_rule or type(rich_rule.action) != Rich_Mark:
136e2c
             rule_fragment += [ "-m", "conntrack", "--ctstate", "NEW,UNTRACKED" ]
136e2c
 
136e2c
         rules = []
-- 
2.20.1