commit 32474c134556731553c3985bb315ec0ee5f83c99
Author: Thomas Woerner <twoerner@redhat.com>
Date: Mon Sep 5 15:58:43 2016 +0200
firewall.core.{ipXtables,ebtables}: Copy rule before extracting items in set_rules
In set_rules, the rules are grouped by table to be able to create the
iptables-save format without changing the table several times.

For this the table is extracted from the rule and therefore also removed from
the rule. But this is not done on a copy of the rule, but the internal rule.
This results in removing the table information from the rule completely, which
is an issue if the rule can not be applied in the transaction and the
generous_mode is used to be able to assign the rules one by one. This is the
case for rules saved in direct.xml.
Fixes issue #152
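diff --git a/src/firewall/core/ebtables.py b/src/firewall/core/ebtables.py
index cbb1895..a9b044a 100644
--- a/src/firewall/core/ebtables.py
+++ b/src/firewall/core/ebtables.py
@@ -117,15 +117,18 @@ class ebtables(object):
 
 table = "filter"
 table_rules = { }
- for rule in rules:
- try:
- i = rule.index("-t")
- except Exception:
- pass
- else:
- if len(rule) >= i+1:
- rule.pop(i)
- table = rule.pop(i)
+ for _rule in rules:
+ rule = _rule[:]
+ # get table form rule
+ for opt in [ "-t", "--table" ]:
+ try:
+ i = rule.index(opt)
+ except ValueError:
+ pass
+ else:
+ if len(rule) >= i+1:
+ rule.pop(i)
+ table = rule.pop(i)
 
 # we can not use joinArgs here, because it would use "'" instead
 # of '"' for the start and end of the string, this breaks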
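Review bot: `table = "filter"` is still assigned once before the `for _rule in rules:` loop, so a rule that carries no `-t`/`--table` inherits the table of the preceding rule instead of defaulting to filter, and would be grouped under the wrong table. The ipXtables.py hunk appears to reset it per rule; this loop should do the same by moving `table = "filter"` to just after `rule = _rule[:]`. Separately, the guard `if len(rule) >= i+1:` is always true once `rule.index(opt)` has succeeded, so a rule ending in a bare `-t` reaches the second `rule.pop(i)` and raises IndexError; `if len(rule) > i+1:` checks that a table name actually follows. How table_rules is filled lies outside the hunk, so the grouping effect is inferred from the commit description.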
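diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py
index a3ba443..c6d7a1f 100644
--- a/src/firewall/core/ipXtables.py
+++ b/src/firewall/core/ipXtables.py
@@ -203,7 +203,8 @@ class ip4tables(object):
 temp_file = tempFile()
 
 table_rules = { }
- for rule in rules:
+ for _rule in rules:
+ rule = _rule[:]
 table = "filter"
 # get table form rule
 for opt in [ "-t", "--table" ]: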
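Review bot: The copy in `rule = _rule[:]` is what keeps the caller's rule intact, but nothing in the loop says so; a comment such as `# work on a copy: the caller's list must keep its -t/--table for the one-by-one fallback` would stop a later cleanup from removing it. The slice is shallow, which is enough only while each rule is a flat list of strings; that is presumably the case here but is not visible in the hunk. The leading underscore in `_rule` usually marks an unused or private name, so `orig_rule` would read better. The rest of the loop body lies outside the hunk.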