From f80a02d760b1810bb5a3021aabb78ed20f5e629d Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Mon, 22 May 2017 17:56:41 +0200 Subject: [PATCH 2/6] firewall.core.fw: Get NAT helpers and store them internally. The NAT helpers are stored internally to be able to use them in zones with the conntrack helpers. This is needed for RHBZ#1452681 (cherry picked from commit f0109e044e5601fba20d42db24c25e8e8cf804a0) --- src/firewall/core/fw.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py index 8dbe59b6e3b5..4db856c4e17d 100644 --- a/src/firewall/core/fw.py +++ b/src/firewall/core/fw.py @@ -114,6 +114,7 @@ class Firewall(object): self._automatic_helpers = config.FALLBACK_AUTOMATIC_HELPERS self.nf_conntrack_helper_setting = 0 self.nf_conntrack_helpers = { } + self.nf_nat_helpers = { } def individual_calls(self): return self._individual_calls @@ -203,8 +204,18 @@ class Firewall(object): log.debug1(" %s: %s", key, ", ".join(values)) else: log.debug1("No conntrack helpers supported by the kernel.") + + self.nf_nat_helpers = functions.get_nf_nat_helpers() + if len(self.nf_nat_helpers) > 0: + log.debug1("NAT helpers supported by the kernel:") + for key,values in self.nf_nat_helpers.items(): + log.debug1(" %s: %s", key, ", ".join(values)) + else: + log.debug1("No NAT helpers supported by the kernel.") + else: self.nf_conntrack_helpers = { } + self.nf_nat_helpers = { } log.warning("modinfo command is missing, not able to detect conntrack helpers.") def _start(self, reload=False, complete_reload=False): -- 2.12.0