commit 7f1f7e7983d6f7a84bdff7d2c78eda07090b8bcb
Author: Thomas Woerner <twoerner@redhat.com>
Date: Thu Jan 16 19:57:30 2014 +0100
Fixed missing rule in zones not using the default target (RHBZ#1053932)
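diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index 8921bba..fc1c418 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -206,10 +206,11 @@ class FirewallZone:
 # called from those chains
 # - DROP is not supported in nat table
 target = self._zones[zone].target
- if target != DEFAULT_ZONE_TARGET and \
- ((target in [ "REJECT", "%%REJECT%%" ] and chain in
- [ "INPUT", "FORWARD_IN", "FORWARD_OUT", "OUTPUT" ]) or \
- (target == "DROP" and table != "nat")):
+ if target != DEFAULT_ZONE_TARGET and not \
+ ((target in [ "REJECT", "%%REJECT%%" ] and \
+ chain not in [ "INPUT", "FORWARD_IN", "FORWARD_OUT",
+ "OUTPUT" ]) or \
+ (target == "DROP" and table == "nat")):
 rules.append((ipv, [ _zone, 4, "-t", table,
 "-j", self._zones[zone].target ]))
 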
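Review bot: The rewritten condition emits the `-j` rule for every non-default target except the two excluded combinations, so any target string other than REJECT or DROP is passed to the rule in every table and chain this method handles; whether `target` is checked against a known set is decided outside this hunk and should be confirmed. The negated compound is also hard to audit for firewall rule generation, and naming the exclusions would make it checkable: `reject_bad_chain = target in [ "REJECT", "%%REJECT%%" ] and chain not in [ "INPUT", "FORWARD_IN", "FORWARD_OUT", "OUTPUT" ]`, `drop_in_nat = target == "DROP" and table == "nat"`, then `if target != DEFAULT_ZONE_TARGET and not (reject_bad_chain or drop_in_nat):`. The appended rule could use the local `target` rather than re-reading `self._zones[zone].target`. The enclosing method starts and ends outside the hunk.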