commit 7f1f7e7983d6f7a84bdff7d2c78eda07090b8bcb
Author: Thomas Woerner
Date: Thu Jan 16 19:57:30 2014 +0100
Fixed missing rule in zones not using the default target (RHBZ#1053932)
diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index 8921bba..fc1c418 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -206,10 +206,11 @@ class FirewallZone:
 # called from those chains
 # - DROP is not supported in nat table
 target = self._zones[zone].target
- if target != DEFAULT_ZONE_TARGET and \
- ((target in [ "REJECT", "%%REJECT%%" ] and chain in
- [ "INPUT", "FORWARD_IN", "FORWARD_OUT", "OUTPUT" ]) or \
- (target == "DROP" and table != "nat")):
+ if target != DEFAULT_ZONE_TARGET and not \
+ ((target in [ "REJECT", "%%REJECT%%" ] and \
+ chain not in [ "INPUT", "FORWARD_IN", "FORWARD_OUT",
+ "OUTPUT" ]) or \
+ (target == "DROP" and table == "nat")):
 rules.append((ipv, [ _zone, 4, "-t", table, "-j", self._zones[zone].target ]))
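Review bot: The rewritten condition starting at `if target != DEFAULT_ZONE_TARGET and not \` now excludes two known-bad combinations instead of admitting known-good ones, so every other non-default target string is passed to `-j` unchecked. If zone targets are not validated where the zone is loaded (not visible in this hunk), a mistyped target would presumably surface only as a failed rule insertion and could leave the zone without its final rule, so a membership check against the supported targets belongs either here or at load time. The comment block above still lists only the REJECT and DROP restrictions; I would add `# every other non-default target gets its jump rule in all tables and chains` so the fall-through case is stated. The `not (... not in ...)` nesting is easy to misread in firewall code; naming the two exclusions and testing `if target != DEFAULT_ZONE_TARGET and not (reject_in_wrong_chain or drop_in_nat):` would read more safely, and the `rules.append` line could reuse the local `target`. The enclosing method starts above the hunk and continues below it.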