From f80a02d760b1810bb5a3021aabb78ed20f5e629d Mon Sep 17 00:00:00 2001

From: Thomas Woerner <twoerner@redhat.com>

Date: Mon, 22 May 2017 17:56:41 +0200

Subject: [PATCH 2/6] firewall.core.fw: Get NAT helpers and store them

 internally.

The NAT helpers are stored internally to be able to use them in zones with the

conntrack helpers.

This is needed for RHBZ#1452681

(cherry picked from commit f0109e044e5601fba20d42db24c25e8e8cf804a0)

---

 src/firewall/core/fw.py | 11 +++++++++++

 1 file changed, 11 insertions(+)

diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py

index 8dbe59b6e3b5..4db856c4e17d 100644

--- a/src/firewall/core/fw.py

+++ b/src/firewall/core/fw.py

@@ -114,6 +114,7 @@ class Firewall(object):

         self._automatic_helpers = config.FALLBACK_AUTOMATIC_HELPERS

         self.nf_conntrack_helper_setting = 0

         self.nf_conntrack_helpers = { }

+        self.nf_nat_helpers = { }

     def individual_calls(self):

         return self._individual_calls

@@ -203,8 +204,18 @@ class Firewall(object):

                     log.debug1("  %s: %s", key, ", ".join(values))

             else:

                 log.debug1("No conntrack helpers supported by the kernel.")

+

+            self.nf_nat_helpers = functions.get_nf_nat_helpers()

+            if len(self.nf_nat_helpers) > 0:

+                log.debug1("NAT helpers supported by the kernel:")

+                for key,values in self.nf_nat_helpers.items():

+                    log.debug1("  %s: %s", key, ", ".join(values))

+            else:

+                log.debug1("No NAT helpers supported by the kernel.")

+

         else:

             self.nf_conntrack_helpers = { }

+            self.nf_nat_helpers = { }

             log.warning("modinfo command is missing, not able to detect conntrack helpers.")

     def _start(self, reload=False, complete_reload=False):

-- 

2.12.0