From 845b0d5875fc1561ea291feb38a4247523066b31 Mon Sep 17 00:00:00 2001
From: Felix Kaechele <heffer@fedoraproject.org>
Date: Sat, 23 Mar 2019 13:30:47 -0400
Subject: [PATCH 26/73] rich rules: fix Rich_Mark logic
We are looking to compare the type, not the object.
Without this fix ipXtables will only mark the very first packet of a connection.
Signed-off-by: Felix Kaechele <heffer@fedoraproject.org>
(cherry picked from commit 12e281ae870d278f2260adfe6b9f6a5f7b059b87)
(cherry picked from commit 0900bec8c1bcbe9dee444c7466b30686679c3bf1)
---
 src/firewall/core/ipXtables.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
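diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py
index 4f04ac41f6a0..c21dc47457b3 100644
--- a/src/firewall/core/ipXtables.py
+++ b/src/firewall/core/ipXtables.py
@@ -870,7 +870,7 @@ class ip4tables(object):
         if rich_rule:
             rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination)
             rule_fragment += self._rich_rule_source_fragment(rich_rule.source)
-        if not rich_rule or rich_rule.action != Rich_Mark:
+        if not rich_rule or type(rich_rule.action) != Rich_Mark:
             rule_fragment += [ "-m", "conntrack", "--ctstate", "NEW,UNTRACKED" ]
 
         rules = []
@@ -895,7 +895,7 @@ class ip4tables(object):
         if rich_rule:
             rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination)
             rule_fragment += self._rich_rule_source_fragment(rich_rule.source)
-        if not rich_rule or rich_rule.action != Rich_Mark:
+        if not rich_rule or type(rich_rule.action) != Rich_Mark:
             rule_fragment += [ "-m", "conntrack", "--ctstate", "NEW,UNTRACKED" ]
 
         rules = []
@@ -923,7 +923,7 @@ class ip4tables(object):
         if rich_rule:
             rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination)
             rule_fragment += self._rich_rule_source_fragment(rich_rule.source)
-        if not rich_rule or rich_rule.action != Rich_Mark:
+        if not rich_rule or type(rich_rule.action) != Rich_Mark:
             rule_fragment += [ "-m", "conntrack", "--ctstate", "NEW,UNTRACKED" ]
 
         rules = []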
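Review bot: The new condition `type(rich_rule.action) != Rich_Mark`, repeated in all three hunks (at 870, 895 and 923), compares exact types, so an action object whose class derives from Rich_Mark would again get the `--ctstate NEW,UNTRACKED` match and, per the commit message, only the first packet of a connection would be marked. `if not rich_rule or not isinstance(rich_rule.action, Rich_Mark):` is the idiomatic form and also covers subclasses. The diffstat lists only ipXtables.py, so nothing in this patch pins the behaviour; a test asserting that rules generated for a mark action omit the conntrack state match would catch a regression like the one fixed here. The enclosing methods start and end outside the hunks, so whether the three identical checks could share one helper cannot be judged from this view.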
-- 
2.20.1