From 628657cdafa7ba3217fb031c748f5a7d32924c90 Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Wed, 5 Dec 2018 19:11:06 -0500
Subject: [PATCH 050/127] nftables: fix ipv6 rich rule forward-ports
They were mistakenly being added to the ipv4 nat tables as well.
Fixes: #422
Fixes: b630abd8e901 ("backend: introduce nftables support")
---
src/firewall/core/nftables.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
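diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
index 00a02ad1..a1cb2c47 100644
--- a/src/firewall/core/nftables.py
+++ b/src/firewall/core/nftables.py
@@ -980,7 +980,7 @@ class nftables(object):
 or toaddr and check_single_address("ipv6", toaddr)):
 rules.extend(self._build_zone_forward_port_nat_rules(enable, zone,
 protocol, mark_fragment, toaddr, toport, "ip6"))
- if rich_rule and (rich_rule.family and rich_rule.family == "ipv4"
+ elif rich_rule and (rich_rule.family and rich_rule.family == "ipv4"
 or toaddr and check_single_address("ipv4", toaddr)):
 rules.extend(self._build_zone_forward_port_nat_rules(enable, zone,
 protocol, mark_fragment, toaddr, toport, "ip"))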
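Review bot: With the second test now an `elif`, the first branch wins whenever it matches, so a rich rule whose `family` is "ipv4" but whose `toaddr` parses as IPv6 takes only the `ip6` path and the declared family is silently ignored. The hunk does not show whether that combination is rejected earlier, so it is worth confirming or guarding here. The mixed `and`/`or` conditions also lean on operator precedence and test `rich_rule.family` twice; `elif rich_rule and (rich_rule.family == "ipv4" or (toaddr and check_single_address("ipv4", toaddr))):` evaluates the same way and makes the grouping explicit. Since the defect was a NAT rule landing in the wrong address family, a regression test asserting that an ipv6 rich-rule forward-port produces no `ip` rules would keep it from returning; the diffstat shows none was added. The enclosing method begins and ends outside the hunk.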
--
2.19.1