From 5a864808c03b703fd9073133fd185347703177c7 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Mon, 22 May 2017 17:50:40 +0200
Subject: [PATCH 1/6] firewall.functions: New function get_nf_nat_helpers
This function returns a dict { module: [helper, ..], .. } similar to
get_nf_conntrack_helpers but for NAT helpers only. NAT helpers are not part
of the dict that is returned by get_nf_conntrack_helpers as it only lists
connection tracking helpers.
This is needed for RHBZ#1452681
(cherry picked from commit 577668e9b788e9982e90f331d934aaa8d79cae56)
---
src/firewall/functions.py | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/src/firewall/functions.py b/src/firewall/functions.py
index 71d39a540754..07e65ab7c7f8 100644
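--- a/src/firewall/functions.py
+++ b/src/firewall/functions.py
@@ -25,7 +25,7 @@ __all__ = [ "PY2", "getPortID", "getPortRange", "portStr", "getServiceName",
 "firewalld_is_active", "tempFile", "readfile", "writefile",
 "enable_ip_forwarding", "get_nf_conntrack_helper_setting",
 "set_nf_conntrack_helper_setting", "get_nf_conntrack_helpers",
- "check_port", "check_address",
+ "get_nf_nat_helpers", "check_port", "check_address",
 "check_single_address", "check_mac", "uniqify", "ppid_of_pid",
 "max_zone_name_len", "checkUser", "checkUid", "checkCommand",
 "checkContext", "joinArgs", "splitArgs",
@@ -351,6 +351,26 @@ def get_nf_conntrack_helpers():
 helpers.setdefault(module, [ ]).append(helper)
 return helpers
 
+def get_nf_nat_helpers():
+ kver = os.uname()[2]
+ path = "/lib/modules/%s/kernel/net/netfilter/" % kver
+ helpers = { }
+ if os.path.isdir(path):
+ for filename in sorted(os.listdir(path)):
+ if not filename.startswith("nf_nat_"):
+ continue
+ module = filename.split(".")[0]
+ (status, ret) = runProg(COMMANDS["modinfo"], [ module, ])
+ if status != 0:
+ continue
+ alias = None
+ for line in ret.split("\n"):
+ if line.startswith("description:") and "NAT helper" in line:
+ helper = module.replace("nf_nat_", "")
+ helper = helper.replace("_", "-")
+ helpers.setdefault(module, [ ]).append(helper)
+ return helpers
+
 def get_nf_conntrack_helper_setting():
 try:
 return int(readfile("/proc/sys/net/netfilter/nf_conntrack_helper")[0])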
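Review bot: In get_nf_nat_helpers, whether a module counts as a NAT helper rests on the substring `"NAT helper"` in modinfo's free-text `description:` line, and both skip paths (`status != 0` and no matching description) are silent. A helper that goes undetected therefore leaves no trace for whoever later debugs the firewall's NAT behaviour; a debug log on each skip would help, assuming a logger is available in this module. `alias = None` is never read in the added lines and can be dropped, and a `break` after `helpers.setdefault(module, [ ]).append(helper)` would stop a second matching line from appending the same helper twice. `module.replace("nf_nat_", "")` strips the token anywhere in the name rather than only the prefix, so `module[len("nf_nat_"):]` states the intent more exactly. A docstring such as `"""Return { module: [helper, ..] } for nf_nat_* modules that modinfo describes as a NAT helper."""` would record the contract given in the commit message.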
--
2.12.0