From 838a1561e4812601a35e294523c7aaf5361c60ef Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Tue, 13 Nov 2018 16:00:30 -0500
Subject: [PATCH 17/34] nftables: build rule_key properly for delete verb

When deleting a rule, make sure to strip the index/position from the rule
string.

(cherry picked from commit 7b40ad43f120dd08176fb3c52cdc94722f0a72bb)
---
 src/firewall/core/nftables.py | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
index a1cb2c474737..47b1c27dc8cc 100644
--- a/src/firewall/core/nftables.py
+++ b/src/firewall/core/nftables.py
@@ -169,6 +169,21 @@ class nftables(object):
         nft_opts = ["--echo", "--handle"]
         _args = args[:]
 
+        def rule_key_from_rule(rule):
+            rule_key = rule[2:]
+            if rule_key[3] in ["position", "handle", "index"]:
+                # strip "position #"
+                # "insert rule family table chain position <num>"
+                #              ^^ rule_key starts here
+                try:
+                    int(rule_key[4])
+                except Exception:
+                    raise FirewallError(INVALID_RULE, "position without a number")
+                else:
+                    rule_key.pop(3)
+                    rule_key.pop(3)
+            return " ".join(rule_key)
+
         # If we're deleting a table (i.e. build_flush_rules())
         # then check if its exist first to avoid nft throwing an error
         if _args[0] == "delete" and _args[1] == "table":
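Review bot: `rule_key[3]` in rule_key_from_rule is indexed without a length check, so a rule with fewer than four tokens after the verb fails with a bare IndexError instead of the FirewallError the helper raises for a missing number; a guard such as `if len(rule_key) > 3 and rule_key[3] in ["position", "handle", "index"]:` keeps the error path uniform. The `except Exception` around `int(rule_key[4])` is also broader than it needs to be: the two failures that can occur there are a non-numeric token (ValueError) and a missing one (IndexError), so `except (ValueError, IndexError):` states the intent without masking anything unrelated. A one-line docstring on the helper, e.g. `"""Return the rule as a key string with any "position/handle/index <n>" pair removed."""`, would also help, since the comment block only describes the position case. The enclosing method begins before this hunk.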
@@ -181,23 +196,10 @@ class nftables(object):
         rule_key = None
         if _args[0] in ["add", "insert"] and _args[1] == "rule":
             rule_add = True
-            rule_key = _args[2:]
-            if rule_key[3] == "position":
-                # strip "position #"
-                # "insert rule family table chain position <num>"
-                #              ^^ rule_key starts here
-                try:
-                    int(rule_key[4])
-                except Exception:
-                    raise FirewallError(INVALID_RULE, "position without a number")
-                else:
-                    rule_key.pop(3)
-                    rule_key.pop(3)
-            rule_key = " ".join(rule_key)
+            rule_key = rule_key_from_rule(_args)
         elif _args[0] in ["delete"] and _args[1] == "rule":
             rule_add = False
-            rule_key = _args[2:]
-            rule_key = " ".join(rule_key)
+            rule_key = rule_key_from_rule(_args)
             # delete using rule handle
             _args = ["delete", "rule"] + _args[2:5] + \
                     ["handle", self.rule_to_handle[rule_key]]
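Review bot: `self.rule_to_handle[rule_key]` on the last line of the hunk raises a bare KeyError when the rule being deleted was never recorded or has already been removed, which is inconsistent with the FirewallError the new helper raises for malformed input; checking first with `if rule_key not in self.rule_to_handle: raise FirewallError(INVALID_RULE, "rule not found")` keeps callers handling one exception type. Note also that, because the helper strips a `handle <n>` pair as well, a delete request that already carries a handle appears to have that handle discarded in favour of the recorded one — if that is intended, a short comment on the delete branch saying so would save the next reader a trip to the helper. The enclosing method continues past the end of this hunk.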
-- 
2.18.0