From fa0bce3d45563e28b8beea1cb0ee325f4a82ebf9 Mon Sep 17 00:00:00 2001
From: Eric Garver
Date: Fri, 21 Sep 2018 15:55:50 -0400
Subject: [PATCH] fw_zone: expose _ipset_match_flags()

Rename __ipset_match_flags() to _ipset_match_flags() so it may be used outside the class. With the iptables backend this fixes rich rules that match a source using an ipset.

Fixes: #374
---
 src/firewall/core/fw_zone.py | 2 +-
 src/firewall/core/ipXtables.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index 2d794393..ca90f7fb 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -1519,7 +1519,7 @@ def _ipset_family(self, name):
 def __ipset_type(self, name):
 return self._fw.ipset.get_type(name)

- def __ipset_match_flags(self, name, flag):
+ def _ipset_match_flags(self, name, flag):
 return ",".join([flag] * self._fw.ipset.get_dimension(name))

 def _check_ipset_applied(self, name):
diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py
index 66af2a26..02a518d2 100644
--- a/src/firewall/core/ipXtables.py
+++ b/src/firewall/core/ipXtables.py
@@ -852,7 +852,7 @@ def _rich_rule_source_fragment(self, rich_source):
 rule_fragment += [ "-m", "set" ]
 if rich_source.invert:
 rule_fragment.append("!")
- flags = self._fw.zone.__ipset_match_flags(rich_source.ipset, "src")
+ flags = self._fw.zone._ipset_match_flags(rich_source.ipset, "src")
 rule_fragment += [ "--match-set", rich_source.ipset, flags ]

 return rule_fragment
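Review bot: `_ipset_match_flags()` in fw_zone.py is now called from another module but still has no docstring, and its neighbour `__ipset_type()` at the top of this hunk keeps the double-underscore name that Python mangles per class. I would add a docstring such as `"""Return flag repeated once per dimension of ipset name, joined with commas (e.g. "src,src" for a two-dimension set)."""` so the contract the iptables backend relies on is written down. If `__ipset_type()` is also meant to be reachable from the backends, it would fail the same way as the method renamed here. Its callers are not visible in this hunk, so that is worth checking.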
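Review bot: The diffstat shows no test accompanying the corrected call in `_rich_rule_source_fragment()` in ipXtables.py, so nothing guards against this regressing. Before the change, the double-underscore attribute access inside the backend class was presumably name-mangled to an attribute the zone object does not have, so a rich rule with an ipset source could not be built on the iptables backend and the filtering it describes was not put in place. A regression test that builds the source fragment for a rich rule with an ipset source and asserts it ends in `--match-set <ipset> src` would cover it. The function starts outside the hunk, so the branch condition guarding this code is not visible here.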