From 4618c4f00b7849e4e253329e9f40fbd20b6160a3 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Fri, 23 Aug 2019 14:56:28 -0400
Subject: [PATCH 92/99] fix: nftables: --forward-ports should only affect IPv4
As per man page. User should use rich rules for IPv6 forward ports.
(cherry picked from commit 816f62a294245b4ba67fdf794dc3caebad50d5b5)
(cherry picked from commit df065ab7853b75ff266deb495b79c9919a2608cd)
---
src/firewall/core/nftables.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
index baa6a7f58cfb..9d88e72f42bf 100644
--- a/src/firewall/core/nftables.py
+++ b/src/firewall/core/nftables.py
@@ -1040,10 +1040,10 @@ class nftables(object):
rules.extend(self._build_zone_forward_port_nat_rules(enable, zone,
protocol, mark_fragment, toaddr, toport, "ip"))
else:
- if not toaddr or check_single_address("ipv6", toaddr):
+ if toaddr and check_single_address("ipv6", toaddr):
rules.extend(self._build_zone_forward_port_nat_rules(enable, zone,
protocol, mark_fragment, toaddr, toport, "ip6"))
- if not toaddr or check_single_address("ipv4", toaddr):
+ else:
rules.extend(self._build_zone_forward_port_nat_rules(enable, zone,
protocol, mark_fragment, toaddr, toport, "ip"))
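Review bot: The new bare `else:` sends every `toaddr` that is not a single IPv6 address into the `"ip"` rule builder. A value that is neither a valid IPv4 nor a valid IPv6 address was silently skipped by the old pair of `if` checks, but now reaches `_build_zone_forward_port_nat_rules` without an address-family check. Unless `toaddr` is validated before this point (not visible here; the enclosing method starts and ends outside the hunk), keep the IPv4 check with `elif not toaddr or check_single_address("ipv4", toaddr):`. A short comment on that branch, such as `# no toaddr: forward on IPv4 only; IPv6 forward ports need a rich rule`, would also record why the empty-`toaddr` case no longer emits an `ip6` rule.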
--
2.20.1