From 4618c4f00b7849e4e253329e9f40fbd20b6160a3 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Fri, 23 Aug 2019 14:56:28 -0400
Subject: [PATCH 92/99] fix: nftables: --forward-ports should only affect IPv4
As per man page. User should use rich rules for IPv6 forward ports.
(cherry picked from commit 816f62a294245b4ba67fdf794dc3caebad50d5b5)
(cherry picked from commit df065ab7853b75ff266deb495b79c9919a2608cd)
---
src/firewall/core/nftables.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
index baa6a7f58cfb..9d88e72f42bf 100644
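--- a/src/firewall/core/nftables.py
+++ b/src/firewall/core/nftables.py
@@ -1040,10 +1040,10 @@ class nftables(object):
 rules.extend(self._build_zone_forward_port_nat_rules(enable, zone,
 protocol, mark_fragment, toaddr, toport, "ip"))
 else:
- if not toaddr or check_single_address("ipv6", toaddr):
+ if toaddr and check_single_address("ipv6", toaddr):
 rules.extend(self._build_zone_forward_port_nat_rules(enable, zone,
 protocol, mark_fragment, toaddr, toport, "ip6"))
- if not toaddr or check_single_address("ipv4", toaddr):
+ else:
 rules.extend(self._build_zone_forward_port_nat_rules(enable, zone,
 protocol, mark_fragment, toaddr, toport, "ip"))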
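Review bot: In the new `else:` arm at the end of the hunk, every `toaddr` that is not a single IPv6 address is passed to the `"ip"` call of `_build_zone_forward_port_nat_rules`, so the `check_single_address("ipv4", toaddr)` guard from the removed line no longer applies. If `toaddr` is not validated before this point (the caller is outside the hunk), a malformed destination would now reach the IPv4 NAT rule instead of producing no rule; `elif not toaddr or check_single_address("ipv4", toaddr):` keeps the IPv4-only default and the guard. A short comment such as `# no toaddr: IPv4 only; IPv6 forward ports need a rich rule` would also record why the empty-`toaddr` case no longer emits an `ip6` rule. The enclosing method starts and ends outside the hunk.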
--
2.20.1