From 1bff55e87dd4a65613222e437f794468b2f70048 Mon Sep 17 00:00:00 2001
From: Eric Garver
Date: Mon, 18 Mar 2019 15:09:19 -0400
Subject: [PATCH 22/23] fw_zone: forward-ports: only enable IP forwarding if toaddr used

Fixes: #335
Fixes: rhbz 1679610
(cherry picked from commit 01ad269d475f19048085e15178806671a83f6d44)
---
 src/firewall/core/fw_zone.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index db90c32be540..d5eafb863439 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -1702,7 +1702,7 @@ class FirewallZone(object):
 for ipv in ipvs:
 if backend.is_ipv_supported(ipv):
 self.check_forward_port(ipv, port, protocol, toport, toaddr)
- if enable:
+ if toaddr and enable:
 zone_transaction.add_post(enable_ip_forwarding, ipv)
 if enable:
@@ -1914,7 +1914,8 @@ class FirewallZone(object):
 zone_transaction.add_chain("nat", "PREROUTING")
 zone_transaction.add_chain("filter", filter_chain)
- zone_transaction.add_post(enable_ip_forwarding, ipv)
+ if toaddr and enable:
+ zone_transaction.add_post(enable_ip_forwarding, ipv)
 backend = self._fw.get_backend_by_ipv(ipv)
 rules = backend.build_zone_forward_port_rules(
 enable, zone, filter_chain, port, protocol, toport,
--
2.20.1
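Review bot: The new `if toaddr and enable:` guard inside the `for ipv in ipvs` loop has no comment explaining why forwarding depends on `toaddr`, and the same bare condition is repeated in the second hunk (@@ -1914). Anyone auditing when the daemon turns the host into a router needs that reason at the call site, so I would put `# Kernel IP forwarding is only needed when traffic is sent on to another address (toaddr); a toport-only redirect stays local.` above both guards. Because the check is now duplicated, it is also worth confirming (not visible here) whether both sites run for a single add and so register `enable_ip_forwarding` twice on the same transaction. The enclosing method starts and ends outside the hunk.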
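Review bot: Nothing visible around the guard added before `backend = self._fw.get_backend_by_ipv(ipv)` turns forwarding back off, either when `enable` is false or on hosts where the old unconditional `add_post` already ran for a toport-only rule. Forwarding is a host-wide kernel setting, so such hosts presumably keep routing after this fix until someone resets it; operators should re-check `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` after upgrading. `toaddr` is not defined inside the hunk and is presumably a parameter of the enclosing function, which starts outside the visible lines. The patch also carries no regression test; I would add one asserting that a forward-port with only `toport` schedules no `enable_ip_forwarding` post action.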