From d4f35b11f2edb1cf680ed2081a14b599ef3f3b63 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Mon, 31 Aug 2020 15:38:34 -0400
Subject: [PATCH 55/62] fix(ipXtables): rich: avoid duplicate rules for
icmp-type w/ mark action
This is a stable only fix. It does not occur on master.
(cherry picked from commit 9b7ba2fcedace408aae498fea1c973a988370808)
---
src/firewall/core/ipXtables.py | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py
index b1d6c202fda7..c4535f2e5818 100644
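--- a/src/firewall/core/ipXtables.py
+++ b/src/firewall/core/ipXtables.py
@@ -1240,8 +1240,13 @@ class ip4tables(object):
 proto = [ "-p", "ipv6-icmp" ]
 match = [ "-m", "icmp6", "--icmpv6-type", ict.name ]
 
+ if rich_rule and rich_rule.action and isinstance(rich_rule.action, Rich_Mark):
+ chains = ["PREROUTING"]
+ else:
+ chains = ["INPUT", "FORWARD_IN"]
+
 rules = []
- for chain in ["INPUT", "FORWARD_IN"]:
+ for chain in chains:
 target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain],
 zone=zone)
 if self._fw.zone.query_icmp_block_inversion(zone):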
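Review bot: The new branch at `if rich_rule and rich_rule.action and isinstance(rich_rule.action, Rich_Mark):` has no comment saying why a mark action is limited to a single chain, so a later edit to this firewall rule generator could quietly bring the duplicate back. I would add something like `# mark action: emit the rule once via PREROUTING instead of once per INPUT/FORWARD_IN chain` above it, with the wording confirmed against the rest of the method, which starts and ends outside this hunk. The middle `rich_rule.action and` test looks redundant, since `isinstance(None, Rich_Mark)` is already false; assuming Rich_Mark instances are always truthy, `if rich_rule and isinstance(rich_rule.action, Rich_Mark):` is equivalent. The diffstat shows only ipXtables.py changed, so a regression test asserting that an icmp-type rich rule with a mark action produces no duplicate rule would keep this stable-only fix from regressing.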
--
2.28.0