From 236a8ea6f170dcab1484447b16d52d01c95b512f Mon Sep 17 00:00:00 2001

From: Eric Garver <e@erig.me>

Date: Thu, 20 Dec 2018 14:26:19 -0500

Subject: [PATCH 5/8] fw: enable RFC3964_IPv4 support

Actually call it and make it active now that both backends support it.

(cherry picked from commit 36139d2ae3fd9b0184d2b9668970c291d22276ce)

---

 src/firewall/core/fw.py | 24 +++++++-----------------

 1 file changed, 7 insertions(+), 17 deletions(-)

diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py

index e8d77f11b2ae..a3089ce70eb8 100644

--- a/src/firewall/core/fw.py

+++ b/src/firewall/core/fw.py

@@ -817,24 +817,14 @@ class Firewall(object):

             transaction.add_rules(backend, rules)

         ipv6_backend = self.get_backend_by_ipv("ipv6")

-        if self.ipv6_rpfilter_enabled and \

-           "raw" in ipv6_backend.get_available_tables():

-

-            # Execute existing transaction

-            transaction.execute(True)

-            # Start new transaction

-            transaction.clear()

-

-            rules = ipv6_backend.build_rpfilter_rules(self._log_denied)

-            transaction.add_rules(ipv6_backend, rules)

+        if "raw" in ipv6_backend.get_available_tables():

+            if self.ipv6_rpfilter_enabled:

+                rules = ipv6_backend.build_rpfilter_rules(self._log_denied)

+                transaction.add_rules(ipv6_backend, rules)

-            # Execute ipv6_rpfilter transaction, it might fail

-            try:

-                transaction.execute(True)

-            except FirewallError as msg:

-                log.warning("Applying rules for ipv6_rpfilter failed: %s", msg)

-            # Start new transaction

-            transaction.clear()

+            if self._rfc3964_ipv4:

+                rules = ipv6_backend.build_rfc3964_ipv4_rules()

+                transaction.add_rules(ipv6_backend, rules)

         else:

             if use_transaction is None:

-- 

2.18.0