55 lines
2.0 KiB
Diff
55 lines
2.0 KiB
Diff
From c6fe749fb75004c30818bcc0696ac23801239d0b Mon Sep 17 00:00:00 2001
|
|
From: Eric Garver <eric@garver.life>
|
|
Date: Tue, 21 Jul 2020 16:03:24 -0400
|
|
Subject: [PATCH] fix(policy): ipXtables: calculate max name len properly
|
|
|
|
Policy chain names still need the SHORTCUTS (POST, IN, etc) in the chain
|
|
name. As such, calculate the max name length appropriately.
|
|
|
|
This also drops the "pol_" prefix for policy chains. Retaining it would
|
|
restrict the policy name max length unreasonably so.
|
|
|
|
Fixes: 34bdee40aa61 ("feat: implement policy objects internally")
|
|
---
|
|
src/firewall/core/ipXtables.py | 2 +-
|
|
src/firewall/functions.py | 8 +++++---
|
|
2 files changed, 6 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py
|
|
index b310a74..54c267b 100644
|
|
--- a/src/firewall/core/ipXtables.py
|
|
+++ b/src/firewall/core/ipXtables.py
|
|
@@ -32,7 +32,7 @@ from firewall.core.rich import Rich_Accept, Rich_Reject, Rich_Drop, Rich_Mark, \
|
|
Rich_Masquerade, Rich_ForwardPort, Rich_IcmpBlock
|
|
import string
|
|
|
|
-POLICY_CHAIN_PREFIX = "pol_"
|
|
+POLICY_CHAIN_PREFIX = ""
|
|
|
|
BUILT_IN_CHAINS = {
|
|
"security": [ "INPUT", "OUTPUT", "FORWARD" ],
|
|
diff --git a/src/firewall/functions.py b/src/firewall/functions.py
|
|
index d4c5e90..de4e244 100644
|
|
--- a/src/firewall/functions.py
|
|
+++ b/src/firewall/functions.py
|
|
@@ -508,11 +508,13 @@ def ppid_of_pid(pid):
|
|
def max_policy_name_len():
|
|
"""
|
|
iptables limits length of chain to (currently) 28 chars.
|
|
- The longest chain we create is pol_<policy>_allow,
|
|
- which leaves 28 - 10 = 18 chars for <policy>.
|
|
+ The longest chain we create is POST_<policy>_allow,
|
|
+ which leaves 28 - 11 = 17 chars for <policy>.
|
|
"""
|
|
from firewall.core.ipXtables import POLICY_CHAIN_PREFIX
|
|
- return 28 - (len(POLICY_CHAIN_PREFIX) + len("_allow"))
|
|
+ from firewall.core.base import SHORTCUTS
|
|
+ longest_shortcut = max(map(len, SHORTCUTS.values()))
|
|
+ return 28 - (longest_shortcut + len(POLICY_CHAIN_PREFIX) + len("_allow"))
|
|
|
|
def max_zone_name_len():
|
|
"""
|
|
--
|
|
1.8.3.1
|
|
|