From 236a8ea6f170dcab1484447b16d52d01c95b512f Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Thu, 20 Dec 2018 14:26:19 -0500
Subject: [PATCH 5/8] fw: enable RFC3964_IPv4 support
Actually call it and make it active now that both backends support it.
(cherry picked from commit 36139d2ae3fd9b0184d2b9668970c291d22276ce)
---
src/firewall/core/fw.py | 24 +++++++-----------------
1 file changed, 7 insertions(+), 17 deletions(-)
diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
index e8d77f11b2ae..a3089ce70eb8 100644
--- a/src/firewall/core/fw.py
+++ b/src/firewall/core/fw.py
@@ -817,24 +817,14 @@ class Firewall(object):
transaction.add_rules(backend, rules)
ipv6_backend = self.get_backend_by_ipv("ipv6")
- if self.ipv6_rpfilter_enabled and \
- "raw" in ipv6_backend.get_available_tables():
-
- # Execute existing transaction
- transaction.execute(True)
- # Start new transaction
- transaction.clear()
-
- rules = ipv6_backend.build_rpfilter_rules(self._log_denied)
- transaction.add_rules(ipv6_backend, rules)
+ if "raw" in ipv6_backend.get_available_tables():
+ if self.ipv6_rpfilter_enabled:
+ rules = ipv6_backend.build_rpfilter_rules(self._log_denied)
+ transaction.add_rules(ipv6_backend, rules)
- # Execute ipv6_rpfilter transaction, it might fail
- try:
- transaction.execute(True)
- except FirewallError as msg:
- log.warning("Applying rules for ipv6_rpfilter failed: %s", msg)
- # Start new transaction
- transaction.clear()
+ if self._rfc3964_ipv4:
+ rules = ipv6_backend.build_rfc3964_ipv4_rules()
+ transaction.add_rules(ipv6_backend, rules)
else:
if use_transaction is None:
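Review bot: With the dedicated `try`/`except FirewallError` around the ipv6_rpfilter rules removed, the rpfilter and RFC3964_IPv4 rules now join the same transaction as the rules added just above, so a backend that rejects either set is no longer caught and logged at this point. The transaction is executed outside this hunk, so confirm whether such a failure now aborts the whole rule set or is handled by the caller, and document the intended behaviour in a comment above the `if "raw" in ipv6_backend.get_available_tables():` check. Separately, when the `raw` table is unavailable, both features are skipped without any message even if `self._rfc3964_ipv4` or `self.ipv6_rpfilter_enabled` is set, leaving an operator to believe the filtering is active. A log line for that case would make the gap visible, for example `log.warning("ipv6 'raw' table not available: ipv6_rpfilter and RFC3964_IPv4 rules not applied")`. The enclosing method starts and ends outside the hunk, and the indentation is lost here, so it is unclear which `if` the trailing `else:` belongs to.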
--
2.18.0