From de28755c4e14224f6303c864327fffe7d2639268 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Mon, 13 Sep 2021 15:45:53 -0400
Subject: [PATCH 38/50] fix(nftables): do not log icmp block if inversion

Fixes: #696
Fixes: rhbz1945833
(cherry picked from commit 50a5ed2d0fa6169c6780488dae931a3b4fce47ab)
(cherry picked from commit a451b033200b289c6fac823f7dce23c37a38a3d1)
---
 src/firewall/core/nftables.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
index e3ae988bbdab..29a9a2492032 100644
--- a/src/firewall/core/nftables.py
+++ b/src/firewall/core/nftables.py
@@ -1601,7 +1601,7 @@ class nftables(object):
                     rule.update(self._rich_rule_priority_fragment(rich_rule))
                     rules.append({add_del: {"rule": rule}})
             else:
-                if self._fw.get_log_denied() != "off" and self._fw.policy.query_icmp_block_inversion(policy):
+                if self._fw.get_log_denied() != "off" and not self._fw.policy.query_icmp_block_inversion(policy):
                     rules.append({add_del: {"rule": {"family": "inet",
                                                      "table": TABLE_NAME,
                                                      "chain": final_chain,
-- 
2.27.0