From acc3cfe586947cd2d98d4b8b4303cca127ffc396 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Mon, 22 May 2017 18:07:03 +0200
Subject: [PATCH 6/6] firewall.server.firewalld: New property for NAT helpers
 supported by the kernel

The property nf_nat_helpers provides a dict with the nat helpers in a similar
way as nf_conntrack_helpers.

New description for the property nf_nat_helpers in firewalld.dbus man page.

Related: RHBZ#1452681
(cherry picked from commit 34558ad775afd9476c4ec5373b9bc9ee03a195af)
---
 doc/xml/firewalld.dbus.xml       |  4 ++++
 src/firewall/server/firewalld.py | 11 +++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/doc/xml/firewalld.dbus.xml b/doc/xml/firewalld.dbus.xml
index 52b5b3b0f955..92fe5c843dfc 100644
--- a/doc/xml/firewalld.dbus.xml
+++ b/doc/xml/firewalld.dbus.xml
@@ -467,6 +467,10 @@
             <term><parameter>nf_conntrack_helpers</parameter> - a{sas} - (ro)</term>
             <listitem><para>The list of conntrack helpers supported by the kernel.</para></listitem>
           </varlistentry>
+          <varlistentry id="FirewallD1.Properties.nf_nat_helpers">
+            <term><parameter>nf_nat_helpers</parameter> - a{sas} - (ro)</term>
+            <listitem><para>The list of nat helpers supported by the kernel.</para></listitem>
+          </varlistentry>
 	  <varlistentry id="FirewallD1.Properties.interface_version">
             <term><parameter>interface_version</parameter> - s - (ro)</term>
             <listitem><para>firewalld D-Bus interface version string.</para></listitem>
diff --git a/src/firewall/server/firewalld.py b/src/firewall/server/firewalld.py
index 8c4bd4f0c66a..9c5d463de793 100644
--- a/src/firewall/server/firewalld.py
+++ b/src/firewall/server/firewalld.py
@@ -182,6 +182,9 @@ class FirewallD(slip.dbus.service.Object):
         elif prop == "nf_conntrack_helpers":
             return dbus.Dictionary(self.fw.nf_conntrack_helpers, "sas")
 
+        elif prop == "nf_nat_helpers":
+            return dbus.Dictionary(self.fw.nf_nat_helpers, "sas")
+
         else:
             raise dbus.exceptions.DBusException(
                 "org.freedesktop.DBus.Error.InvalidArgs: "
@@ -222,8 +225,8 @@ class FirewallD(slip.dbus.service.Object):
             for x in [ "version", "interface_version", "state",
                        "IPv4", "IPv6", "IPv6_rpfilter", "BRIDGE",
                        "IPSet", "IPSetTypes", "nf_conntrack_helper_setting",
-                       "nf_conntrack_helpers", "IPv4ICMPTypes",
-                       "IPv6ICMPTypes" ]:
+                       "nf_conntrack_helpers", "nf_nat_helpers",
+                       "IPv4ICMPTypes", "IPv6ICMPTypes" ]:
                 ret[x] = self._get_property(x)
         elif interface_name in [ config.dbus.DBUS_INTERFACE_ZONE,
                                  config.dbus.DBUS_INTERFACE_DIRECT,
@@ -253,8 +256,8 @@ class FirewallD(slip.dbus.service.Object):
                                   "IPv4", "IPv6", "IPv6_rpfilter", "BRIDGE",
                                   "IPSet", "IPSetTypes",
                                   "nf_conntrack_helper_setting",
-                                  "nf_conntrack_helpers", "IPv4ICMPTypes",
-                                  "IPv6ICMPTypes" ]:
+                                  "nf_conntrack_helpers", "nf_nat_helpers",
+                                  "IPv4ICMPTypes", "IPv6ICMPTypes" ]:
                 raise dbus.exceptions.DBusException(
                     "org.freedesktop.DBus.Error.PropertyReadOnly: "
                     "Property '%s' is read-only" % property_name)
-- 
2.12.0