From 808f10c2fcf38d756f1f7f8814d27894fc9f369f Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Mon, 17 Dec 2018 12:53:30 -0500
Subject: [PATCH 1/4] nftables: Allow interfaces with wildcards
Fixes: rhbz 1644025
(cherry picked from commit aa01eda4c87dd7b5c1f1e884fc7332c6317fed02)
---
src/firewall/core/nftables.py | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
index 8e24721c94f5..d0d1f6d1610d 100644
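--- a/src/firewall/core/nftables.py
+++ b/src/firewall/core/nftables.py
@@ -529,6 +529,9 @@ class nftables(object):
 "OUTPUT": "oifname",
 }[chain]
 
+ if interface[len(interface)-1] == "+":
+ interface = interface[:len(interface)-1] + "*"
+
 target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone)
 if zone_target == DEFAULT_ZONE_TARGET:
 action = "goto"
@@ -540,10 +543,10 @@ class nftables(object):
 rule = ["add", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES" % (table, chain)]
 else:
 rule = ["delete", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES" % (table, chain)]
- if interface == "+":
+ if interface == "*":
 rule += [action, "%s_%s" % (table, target)]
 else:
- rule += [opt, interface, action, "%s_%s" % (table, target)]
+ rule += [opt, "\"" + interface + "\"", action, "%s_%s" % (table, target)]
 return [rule]
 
 def build_zone_source_address_rules(self, enable, zone, zone_target,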
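Review bot: The quoted operand built in the second hunk, `"\"" + interface + "\""`, wraps the interface name in double quotes without checking its contents here, so a name that itself contained `"` would close the quoted token early and change how the rule text is read. Whether names are restricted before this point cannot be seen from the hunk (the enclosing method starts outside it), so confirm the caller validates them or reject such names locally with a guard like `if '"' in interface:` that raises the project's usual error. A short comment above that line saying why the quotes are needed would also help the next reader. In the first hunk, `interface[len(interface)-1]` raises IndexError for an empty name; `if interface.endswith("+"):` followed by `interface = interface[:-1] + "*"` expresses the same test without that edge case.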
--
2.18.0