From 4618c4f00b7849e4e253329e9f40fbd20b6160a3 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Fri, 23 Aug 2019 14:56:28 -0400
Subject: [PATCH 92/99] fix: nftables: --forward-ports should only affect IPv4

As per man page. User should use rich rules for IPv6 forward ports.

(cherry picked from commit 816f62a294245b4ba67fdf794dc3caebad50d5b5)
(cherry picked from commit df065ab7853b75ff266deb495b79c9919a2608cd)
---
 src/firewall/core/nftables.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
index baa6a7f58cfb..9d88e72f42bf 100644
--- a/src/firewall/core/nftables.py
+++ b/src/firewall/core/nftables.py
@@ -1040,10 +1040,10 @@ class nftables(object):
             rules.extend(self._build_zone_forward_port_nat_rules(enable, zone,
                                 protocol, mark_fragment, toaddr, toport, "ip"))
         else:
-            if not toaddr or check_single_address("ipv6", toaddr):
+            if toaddr and check_single_address("ipv6", toaddr):
                 rules.extend(self._build_zone_forward_port_nat_rules(enable, zone,
                                     protocol, mark_fragment, toaddr, toport, "ip6"))
-            if not toaddr or check_single_address("ipv4", toaddr):
+            else:
                 rules.extend(self._build_zone_forward_port_nat_rules(enable, zone,
                                     protocol, mark_fragment, toaddr, toport, "ip"))
 
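Review bot: The new bare `else:` drops the `check_single_address("ipv4", toaddr)` guard, so a non-empty `toaddr` that is neither a single IPv4 nor a single IPv6 address now produces an `ip` NAT rule, where the old code produced no rule at all. If `toaddr` is not validated before this point (not visible in the hunk), prefer `elif not toaddr or check_single_address("ipv4", toaddr):` and handle the remaining case as an explicit error rather than passing it to the rule builder. A short comment above the branch, such as `# no toaddr: IPv4 only, per man page; IPv6 forward ports need rich rules`, would record why the empty case no longer emits an `ip6` rule. The enclosing method starts and ends outside the hunk.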
-- 
2.20.1