From cf50bd0004418abe1294f53b58387a181dfd2b51 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Thu, 8 Jun 2017 17:44:32 +0200
Subject: [PATCH] firewall.core.fw_zone: Rich-rule ICMP type: Error only for
conflicting family
Only raise error for an ICMP block in a rich-rule if a family has been
specified and conflicts with the ICMP destination.
Fixes: RHBZ#1459921
---
src/firewall/core/fw_zone.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index 4f3f18c0..f47222e4 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -1425,6 +1425,9 @@ def __rule_prepare(self, enable, zone, rule, mark_id, zone_transaction):
raise FirewallError(errors.INVALID_RULE,
"IcmpBlock not usable with accept action")
if ict.destination and ipv not in ict.destination:
+ if rule.family is None:
+ # Add for IPv4 or IPv6 depending on ict.destination
+ continue
raise FirewallError(
errors.INVALID_RULE,
"Icmp%s %s not usable with %s" % \