From 0ada4672b42c426de1ffc7f3ae2416629225369f Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Mon, 15 Feb 2021 09:53:02 -0500 Subject: [PATCH 19/22] fix(fw): when checking tables make sure to check the actual backend Calling get_backend_by_ipv() will return nftables if we're using nftables backend, but we really need to check if iptables, et al. are available. (cherry picked from commit 48d97fb40929afbc1b0bc82759ad75b1937f6e3f) (cherry picked from commit fba59a99735ec46d787141350564137abfec0c87) --- src/firewall/core/fw.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py index 15284a4929e9..3eb54e37ab5c 100644 --- a/src/firewall/core/fw.py +++ b/src/firewall/core/fw.py @@ -131,18 +131,18 @@ class Firewall(object): def _check_tables(self): # check if iptables, ip6tables and ebtables are usable, else disable if self.ip4tables_enabled and \ - "filter" not in self.get_backend_by_ipv("ipv4").get_available_tables(): - log.warning("iptables not usable, disabling IPv4 firewall.") + "filter" not in self.ip4tables_backend.get_available_tables(): + log.info1("iptables is not usable.") self.ip4tables_enabled = False if self.ip6tables_enabled and \ - "filter" not in self.get_backend_by_ipv("ipv6").get_available_tables(): - log.warning("ip6tables not usable, disabling IPv6 firewall.") + "filter" not in self.ip6tables_backend.get_available_tables(): + log.info1("ip6tables is not usable.") self.ip6tables_enabled = False if self.ebtables_enabled and \ - "filter" not in self.get_backend_by_ipv("eb").get_available_tables(): - log.warning("ebtables not usable, disabling ethernet bridge firewall.") + "filter" not in self.ebtables_backend.get_available_tables(): + log.info1("ebtables is not usable.") self.ebtables_enabled = False # is there at least support for ipv4 or ipv6 -- 2.27.0