Blame SOURCES/0045-fix-zone-detect-same-source-interface-in-zones.patch

From 8311259a6e2a6ac475c3d8c9a2df099469bf8277 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Wed, 27 Oct 2021 10:13:59 -0400
Subject: [PATCH 45/50] fix(zone): detect same source/interface in zones
Fixes: rhbz2014383
(cherry picked from commit 4b721abb087a529596722a045a63a65af2e0566a)
(cherry picked from commit 081fcfe7b255b2e0f91c4a3dc55539e4cfd4b7d1)
---
 src/firewall/core/io/zone.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
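--- a/src/firewall/core/io/zone.py
+++ b/src/firewall/core/io/zone.py
@@ -193,11 +193,26 @@ class Zone(IO_Object):
             for interface in config:
                 if not checkInterface(interface):
                     raise FirewallError(errors.INVALID_INTERFACE, interface)
+                if self.fw_config:
+                    for zone in self.fw_config.get_zones():
+                        if zone == self.name:
+                            continue
+                        if interface in self.fw_config.get_zone(zone).interfaces:
+                            raise FirewallError(errors.INVALID_INTERFACE,
+                                    "interface '{}' already bound to zone '{}'".format(interface, zone))
         elif item == "sources":
             for source in config:
                 if not checkIPnMask(source) and not checkIP6nMask(source) and \
                    not check_mac(source) and not source.startswith("ipset:"):
                     raise FirewallError(errors.INVALID_ADDR, source)
+                if self.fw_config:
+                    for zone in self.fw_config.get_zones():
+                        if zone == self.name:
+                            continue
+                        if source in self.fw_config.get_zone(zone).sources:
+                            raise FirewallError(errors.INVALID_ADDR,
+                                    "source '{}' already bound to zone '{}'".format(source, zone))
+
 
     def check_name(self, name):
         super(Zone, self).check_name(name)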
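Review bot: The duplicate test in the `sources` branch, `if source in self.fw_config.get_zone(zone).sources`, is an exact string comparison, so two spellings of the same source (for instance a MAC address in different letter case, or an address written with and without a full-length prefix, if the validators accept both) would still be accepted in two zones and leave zone selection for that traffic ambiguous. Either canonicalise both sides before comparing or state the limit next to the check, e.g. `# exact string match only: equivalent spellings of an address or MAC are not detected`. Both new loops are also skipped whenever `self.fw_config` is falsy, which deserves a one-line comment saying in which callers that happens. The enclosing method begins above the hunk, so how `config` is normalised before this point is not visible here.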
-- 
2.27.0