From 0ada4672b42c426de1ffc7f3ae2416629225369f Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Mon, 15 Feb 2021 09:53:02 -0500
Subject: [PATCH 19/22] fix(fw): when checking tables make sure to check the
actual backend
Calling get_backend_by_ipv() will return nftables if we're using
nftables backend, but we really need to check if iptables, et al. are
available.
(cherry picked from commit 48d97fb40929afbc1b0bc82759ad75b1937f6e3f)
(cherry picked from commit fba59a99735ec46d787141350564137abfec0c87)
---
src/firewall/core/fw.py | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
index 15284a4929e9..3eb54e37ab5c 100644
--- a/src/firewall/core/fw.py
+++ b/src/firewall/core/fw.py
@@ -131,18 +131,18 @@ class Firewall(object):
def _check_tables(self):
# check if iptables, ip6tables and ebtables are usable, else disable
if self.ip4tables_enabled and \
- "filter" not in self.get_backend_by_ipv("ipv4").get_available_tables():
- log.warning("iptables not usable, disabling IPv4 firewall.")
+ "filter" not in self.ip4tables_backend.get_available_tables():
+ log.info1("iptables is not usable.")
self.ip4tables_enabled = False
if self.ip6tables_enabled and \
- "filter" not in self.get_backend_by_ipv("ipv6").get_available_tables():
- log.warning("ip6tables not usable, disabling IPv6 firewall.")
+ "filter" not in self.ip6tables_backend.get_available_tables():
+ log.info1("ip6tables is not usable.")
self.ip6tables_enabled = False
if self.ebtables_enabled and \
- "filter" not in self.get_backend_by_ipv("eb").get_available_tables():
- log.warning("ebtables not usable, disabling ethernet bridge firewall.")
+ "filter" not in self.ebtables_backend.get_available_tables():
+ log.info1("ebtables is not usable.")
self.ebtables_enabled = False
# is there at least support for ipv4 or ipv6
--
2.27.0