Blame SOURCES/firewalld-0.4.4.5-ipv6_icmptype_only_rich_rule_fix_rhbz#1459921.patch
From cf50bd0004418abe1294f53b58387a181dfd2b51 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Thu, 8 Jun 2017 17:44:32 +0200
Subject: [PATCH] firewall.core.fw_zone: Rich-rule ICMP type: Error only for
conflicting family
Only raise error for an ICMP block in a rich-rule if a family has been
specified and conflicts with the ICMP destination.
Fixes: RHBZ#1459921
---
src/firewall/core/fw_zone.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index 4f3f18c0..f47222e4 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -1425,6 +1425,9 @@ def __rule_prepare(self, enable, zone, rule, mark_id, zone_transaction):
raise FirewallError(errors.INVALID_RULE,
"IcmpBlock not usable with accept action")
if ict.destination and ipv not in ict.destination:
+ if rule.family is None:
+ # Add for IPv4 or IPv6 depending on ict.destination
+ continue
raise FirewallError(
errors.INVALID_RULE,
"Icmp%s %s not usable with %s" % \
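Review bot: The comment on the added `continue` describes the overall outcome rather than what this branch does: when `rule.family is None`, the branch skips the `ipv` that is missing from `ict.destination`, so the ICMP block rule ends up only in the address family the ICMP type supports. I would reword it to `# No family given: skip this ipv; the rule is applied only for the families listed in ict.destination`. Because the skip is silent, an ICMP type whose `ict.destination` matched none of the iterated `ipv` values would produce no rule and no error, leaving the operator believing the block is in place; whether that can happen is not visible here, so a debug log on this path or a check after the loop may be worth adding. `__rule_prepare` and the loop this `continue` belongs to start and end outside the hunk.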