|
 |
36ae71 |
commit b2b5b88c56feffe09ddacf5ed348bc587f84160c
|
|
|
36ae71 |
Author: Jiri Popelka <jpopelka@redhat.com>
|
|
|
36ae71 |
Date: Mon Jan 27 16:05:25 2014 +0100
|
|
|
36ae71 |
|
|
|
36ae71 |
Stop default zone rules being applied to all zones (RHBZ#1057875)
|
|
|
36ae71 |
|
|
|
36ae71 |
We had already fixed this once with 3253df5 but then
|
|
|
36ae71 |
I made incomplete 3e7b0da and made this regression.
|
|
|
36ae71 |
|
|
|
36ae71 |
diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
|
|
|
36ae71 |
index 407d21d..1e99fef 100644
|
|
|
36ae71 |
--- a/src/firewall/core/fw_zone.py
|
|
|
36ae71 |
+++ b/src/firewall/core/fw_zone.py
|
|
|
36ae71 |
@@ -440,7 +440,10 @@ class FirewallZone:
|
|
|
36ae71 |
opt = INTERFACE_ZONE_OPTS[chain]
|
|
|
36ae71 |
target = DEFAULT_ZONE_TARGET.format(
|
|
|
36ae71 |
chain=SHORTCUTS[chain], zone=zone)
|
|
|
36ae71 |
- action = "-g" if "_ZONE_" in target else "-j"
|
|
|
36ae71 |
+ if self._zones[zone].target == DEFAULT_ZONE_TARGET:
|
|
|
36ae71 |
+ action = "-g"
|
|
|
36ae71 |
+ else:
|
|
|
36ae71 |
+ action = "-j"
|
|
|
36ae71 |
rule = [ "%s_ZONES" % chain, "-t", table,
|
|
|
36ae71 |
opt, interface, action, target ]
|
|
|
36ae71 |
if enable and not append:
|
|
|
36ae71 |
@@ -575,7 +578,10 @@ class FirewallZone:
|
|
|
36ae71 |
# DROP is not supported in nat table
|
|
|
36ae71 |
continue
|
|
|
36ae71 |
# append rule
|
|
|
36ae71 |
- action = "-g" if "_ZONE_" in target else "-j"
|
|
|
36ae71 |
+ if self._zones[zone].target == DEFAULT_ZONE_TARGET:
|
|
|
36ae71 |
+ action = "-g"
|
|
|
36ae71 |
+ else:
|
|
|
36ae71 |
+ action = "-j"
|
|
|
36ae71 |
rule = [ "%s_ZONES_SOURCE" % chain, "-t", table,
|
|
|
36ae71 |
opt, source, action, target ]
|
|
|
36ae71 |
rules.append((ipv, rule))
|