Blame SOURCES/firewalld-0.7-0021-rich-rules-allow-catch-all-rules.patch
From b81c4e04ad26fd73dfdd024efd9fc60561ce0ab2 Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Thu, 8 Nov 2018 12:42:43 -0500
Subject: [PATCH 21/34] rich rules: allow catch-all rules
Since we now support rich rule priorities it makes sense to allow
catch-all rules if priority is specified. But disallow it for
priority==0 as this will cause unexpected results for the user (always
drop everything).
(cherry picked from commit df846d7a6c20582a2db79d690526662990e8541f)
---
src/firewall/core/rich.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/firewall/core/rich.py b/src/firewall/core/rich.py
index c415bf39212f..f0e4af54f32c 100644
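--- a/src/firewall/core/rich.py
+++ b/src/firewall/core/rich.py
@@ -544,7 +544,7 @@ class Rich_Rule(object):
 if self.element is None:
 if self.action is None:
 raise FirewallError(errors.INVALID_RULE, "no element, no action")
- if self.source is None and self.destination is None:
+ if self.source is None and self.destination is None and self.priority == 0:
 raise FirewallError(errors.INVALID_RULE, "no element, no source, no destination")
 
 if type(self.element) not in [ Rich_IcmpBlock,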
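Review bot: The `raise` under the changed condition still reports "no element, no source, no destination", but the rule is now rejected only when `self.priority == 0` as well, so a user who hits the error is not told that setting a priority would make the catch-all rule valid; consider wording such as `"no element, no source, no destination, no priority"`. The condition also deserves a comment giving the reason stated in the commit message, for example `# catch-all rules need an explicit priority; at priority 0 they would give unexpected results`. The new check does not look at `self.action`: a catch-all `accept` with a non-zero priority now passes this validation, and whether anything later restricts that is not visible here, since the method starts and ends outside the hunk. If nothing does, documenting or logging that such a rule matches all traffic in the zone would help administrators audit their configuration.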
--
2.18.0