firewalld/0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch


From fa0bce3d45563e28b8beea1cb0ee325f4a82ebf9 Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Fri, 21 Sep 2018 15:55:50 -0400
Subject: [PATCH] fw_zone: expose _ipset_match_flags()
Rename __ipset_match_flags() to _ipset_match_flags() so it may be used
outside the class. With the iptables backend this fixes rich rules that
match a source using an ipset.
Fixes: #374
---
src/firewall/core/fw_zone.py | 2 +-
src/firewall/core/ipXtables.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index 2d794393..ca90f7fb 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -1519,7 +1519,7 @@ def _ipset_family(self, name):
def __ipset_type(self, name):
return self._fw.ipset.get_type(name)
- def __ipset_match_flags(self, name, flag):
+ def _ipset_match_flags(self, name, flag):
return ",".join([flag] * self._fw.ipset.get_dimension(name))
def _check_ipset_applied(self, name):
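Review bot: `__ipset_type` on the context line just above keeps its double-underscore name, so it is still subject to the name mangling that broke `__ipset_match_flags`; a call to it from another class, such as a backend, would raise AttributeError in the same way. The diffstat shows a single changed line in fw_zone.py, so any caller inside the class still written as `self.__ipset_match_flags(...)` would now fail too; the hunk cannot show whether one exists, so a grep before merging is worthwhile. A short comment on the renamed method would keep it from being made private again, for example `# single underscore on purpose: called from the backends, must not be name-mangled`.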
diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py
index 66af2a26..02a518d2 100644
--- a/src/firewall/core/ipXtables.py
+++ b/src/firewall/core/ipXtables.py
@@ -852,7 +852,7 @@ def _rich_rule_source_fragment(self, rich_source):
rule_fragment += [ "-m", "set" ]
if rich_source.invert:
rule_fragment.append("!")
- flags = self._fw.zone.__ipset_match_flags(rich_source.ipset, "src")
+ flags = self._fw.zone._ipset_match_flags(rich_source.ipset, "src")
rule_fragment += [ "--match-set", rich_source.ipset, flags ]
return rule_fragment
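Review bot: No regression test accompanies the corrected call in `_rich_rule_source_fragment`, whose beginning lies outside this hunk. The old spelling would have been mangled inside the backend class to an attribute the zone object does not have, so building a rich rule with an ipset source presumably raised before any `--match-set` fragment was produced. If that rule was a drop or reject for a blocklist set, the intended filtering was never installed. A test that adds a rich rule with an ipset source on the iptables backend and asserts the fragment contains `--match-set`, the set name and `src` (one per set dimension) would catch a recurrence.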