rpms / firewalld

Clone
Source Code
GIT

Blame SOURCES/firewalld-0.4.4.5-ipv6_icmptype_only_rich_rule_fix_rhbz#1459921.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   34791e0bba6090d486b156518ac1e7660f6f31c2
  2.   SOURCES
  3.   firewalld-0.4.4.5-ipv6_icmptype_only_rich_rule_fix_rhbz#1459921.patch
Blob History Raw
34791e 
From cf50bd0004418abe1294f53b58387a181dfd2b51 Mon Sep 17 00:00:00 2001
34791e 
From: Thomas Woerner <twoerner@redhat.com>
34791e 
Date: Thu, 8 Jun 2017 17:44:32 +0200
34791e 
Subject: [PATCH] firewall.core.fw_zone: Rich-rule ICMP type: Error only for
34791e 
 conflicting family
34791e
34791e 
Only raise error for an ICMP block in a rich-rule if a family has been
34791e 
specified and conflicts with the ICMP destination.
34791e
34791e 
Fixes: RHBZ#1459921
34791e 
---
34791e 
 src/firewall/core/fw_zone.py | 3 +++
34791e 
 1 file changed, 3 insertions(+)
34791e
34791e 
diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
34791e 
index 4f3f18c0..f47222e4 100644
34791e 
--- a/src/firewall/core/fw_zone.py
34791e 
+++ b/src/firewall/core/fw_zone.py
34791e 
@@ -1425,6 +1425,9 @@ def __rule_prepare(self, enable, zone, rule, mark_id, zone_transaction):
34791e 
                     raise FirewallError(errors.INVALID_RULE,
34791e 
                                         "IcmpBlock not usable with accept action")
34791e 
                 if ict.destination and ipv not in ict.destination:
34791e 
+                    if rule.family is None:
34791e 
+                        # Add for IPv4 or IPv6 depending on ict.destination
34791e 
+                        continue
34791e 
                     raise FirewallError(
34791e 
                         errors.INVALID_RULE,
34791e 
                         "Icmp%s %s not usable with %s" % \

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation