From 4d33cd57a4a2c51fe30249aa5bc4f6137f8962bb Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Wed, 26 Feb 2020 12:58:54 -0500
Subject: [PATCH 149/154] fix: ipXtables: remove square brackets from IPv6
addresses
(cherry picked from commit 75f198ad73915567e1fd9df50104f55da209d06a)
(cherry picked from commit f47eae6a61f24784588741e5517889201d796e42)
---
src/firewall/core/ipXtables.py | 25 +++++++++++++++++++++----
1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py
index 8f39fecc6132..f68b2bae8f3a 100644
--- a/src/firewall/core/ipXtables.py
+++ b/src/firewall/core/ipXtables.py
@@ -26,7 +26,7 @@ from firewall.core.base import SHORTCUTS, DEFAULT_ZONE_TARGET
from firewall.core.prog import runProg
from firewall.core.logger import log
from firewall.functions import tempFile, readfile, splitArgs, check_mac, portStr, \
- check_single_address
+ check_single_address, check_address, normalizeIP6
from firewall import config
from firewall.errors import FirewallError, INVALID_PASSTHROUGH, INVALID_RULE
from firewall.core.rich import Rich_Accept, Rich_Reject, Rich_Drop, Rich_Mark
@@ -752,6 +752,11 @@ class ip4tables(object):
"-m", "mac", "--mac-source", address.upper(),
action, target ]
else:
+ if check_single_address("ipv6", address):
+ address = normalizeIP6(address)
+ elif check_address("ipv6", address):
+ addr_split = address.split("/")
+ address = normalizeIP6(addr_split[0]) + "/" + addr_split[1]
rule = [ add_del, zone_dispatch_chain,
"%%ZONE_SOURCE%%", zone,
"-t", table,
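Review bot: The three-branch IPv6 normalization added here (`check_single_address` then `normalizeIP6`, else `check_address` then split on `/` and normalize the address part) is repeated almost verbatim in the `rich_dest` and `rich_source` hunks below, so one module-level helper would keep the three rule builders from drifting apart; if one path normalized a bracketed address and another passed it through, the two would emit different rule text for the same input. The helper can also use `partition("/")` instead of `split("/")` plus `addr_split[1]`, so the prefix handling does not rely on `check_address` having guaranteed exactly one slash. `normalizeIP6` and both checkers live in `firewall.functions` and are not visible here, so this assumes `normalizeIP6` only strips the surrounding brackets, as the subject line says. The enclosing method starts and ends outside the hunk.

```python
def _strip_ip6_brackets(address):
    """Return address with URL-style brackets removed from an IPv6
    address or address/prefix; any other value is returned unchanged."""
    if check_single_address("ipv6", address):
        return normalizeIP6(address)
    if check_address("ipv6", address):
        addr, _, prefix = address.partition("/")
        return normalizeIP6(addr) + "/" + prefix
    return address

# ... unchanged: MAC branch of the zone-source rule ...
address = _strip_ip6_brackets(address)
# ... unchanged: rule = [ add_del, zone_dispatch_chain, ... ] ...

# in the rich_dest and rich_source builders:
rule_fragment += [ "-d", _strip_ip6_brackets(rich_dest.addr) ]
rule_fragment += [ "-s", _strip_ip6_brackets(rich_source.addr) ]
```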
@@ -883,7 +888,13 @@ class ip4tables(object):
rule_fragment = []
if rich_dest.invert:
rule_fragment.append("!")
- rule_fragment += [ "-d", rich_dest.addr ]
+ if check_single_address("ipv6", rich_dest.addr):
+ rule_fragment += [ "-d", normalizeIP6(rich_dest.addr) ]
+ elif check_address("ipv6", rich_dest.addr):
+ addr_split = rich_dest.addr.split("/")
+ rule_fragment += [ "-d", normalizeIP6(addr_split[0]) + "/" + addr_split[1] ]
+ else:
+ rule_fragment += [ "-d", rich_dest.addr ]
return rule_fragment
@@ -895,7 +906,13 @@ class ip4tables(object):
if rich_source.addr:
if rich_source.invert:
rule_fragment.append("!")
- rule_fragment += [ "-s", rich_source.addr ]
+ if check_single_address("ipv6", rich_source.addr):
+ rule_fragment += [ "-s", normalizeIP6(rich_source.addr) ]
+ elif check_address("ipv6", rich_source.addr):
+ addr_split = rich_source.addr.split("/")
+ rule_fragment += [ "-s", normalizeIP6(addr_split[0]) + "/" + addr_split[1] ]
+ else:
+ rule_fragment += [ "-s", rich_source.addr ]
elif hasattr(rich_source, "mac") and rich_source.mac:
rule_fragment += [ "-m", "mac" ]
if rich_source.invert:
@@ -1042,7 +1059,7 @@ class ip4tables(object):
to = ""
if toaddr:
if check_single_address("ipv6", toaddr):
- to += "[%s]" % toaddr
+ to += "[%s]" % normalizeIP6(toaddr)
else:
to += toaddr
if toport and toport != "":
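Review bot: The changed line `to += "[%s]" % normalizeIP6(toaddr)` strips brackets and immediately re-adds them, which reads as redundant without an explanation; a one-line comment above it would record the intent, for example `# toaddr may already be bracketed; normalize so exactly one pair is emitted`. With that normalization the bracketed and bare spellings of one address render the same `to` string, so an add and a later delete of the same forward-port presumably build identical rule text. The enclosing method starts and ends outside the hunk.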
--
2.25.2