Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
firewalld.29798
0004-fix_rich_source_address_with_netmask.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0004-fix_rich_source_address_with_netmask.patch of Package firewalld.29798
commit 3809fef17dc779052a3f050041fe90e3599f35be commit 9e9f94061b129e22e8c6fc2f8985d782bfe09689 commit e635bdffa630c827ff0ed2fc2bb201d560631be0 Author: Eric Garver <eric@garver.life> Date: Wed Sep 15 14:38:28 2021 -0400 fix(nftables): rich: source address with netmask test(rich): source address with netmask test(zone): source with netmask --- src/firewall/core/nftables.py | 5 +++-- src/tests/cli/firewall-cmd.at | 1 + src/tests/regression/regression.at | 1 + src/tests/regression/rhbz1917766.at | 25 +++++++++++++++++++++++++ 4 files changed, 30 insertions(+), 2 deletions(-) diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py index ff077ad..f3b50c0 100644 --- a/src/firewall/core/nftables.py +++ b/src/firewall/core/nftables.py @@ -22,6 +22,7 @@ from __future__ import absolute_import import copy import json +import ipaddress from firewall.core.logger import log from firewall.functions import check_mac, getPortRange, normalizeIP6, \ @@ -1213,8 +1214,8 @@ class nftables(object): family = "ip" elif check_address("ipv4", address): family = "ip" - addr_len = address.split("/") - address = {"prefix": {"addr": addr_len[0], "len": int(addr_len[1])}} + normalized_address = ipaddress.IPv4Network(address, strict=False) + address = {"prefix": {"addr": normalized_address.network_address.compressed, "len": normalized_address.prefixlen}} elif check_single_address("ipv6", address): family = "ip6" address = normalizeIP6(address) diff --git a/src/tests/cli/firewall-cmd.at b/src/tests/cli/firewall-cmd.at index 67af8a1..059fc98 100644 --- a/src/tests/cli/firewall-cmd.at +++ b/src/tests/cli/firewall-cmd.at @@ -214,6 +214,7 @@ sources: $1 check_zone_source([1.2.3.4]) check_zone_source([192.168.1.0/24]) + check_zone_source([192.168.1.1/255.255.255.0]) IF_HOST_SUPPORTS_IPV6_RULES([ check_zone_source([3ffe:501:ffff::/64]) check_zone_source([dead:beef::babe]) diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at index a90fc37..2fee7ce 100644 --- a/src/tests/regression/regression.at +++ b/src/tests/regression/regression.at @@ -38,3 +38,4 @@ m4_include([regression/rhbz1855140.at]) m4_include([regression/rhbz1871298.at]) m4_include([regression/rhbz1596304.at]) m4_include([regression/gh703.at]) +m4_include([regression/rhbz1917766.at]) diff --git a/src/tests/regression/rhbz1917766.at b/src/tests/regression/rhbz1917766.at new file mode 100644 index 0000000..961d514 --- /dev/null +++ b/src/tests/regression/rhbz1917766.at @@ -0,0 +1,25 @@ +FWD_START_TEST([rich rule source with netmask]) +AT_KEYWORDS(rich rhbz1917766) + +dnl Note: IPv6 only supports CIDR notation. It does not support address/netmask +dnl notation. + +FWD_CHECK([ --zone public --add-rich-rule='rule family=ipv4 source address="192.168.1.0/255.255.255.0" accept'], 0, [ignore]) +FWD_CHECK([--permanent --zone public --add-rich-rule='rule family=ipv4 source address="192.168.1.0/255.255.255.0" accept'], 0, [ignore]) + +AT_DATA([./zones/foobar.xml], [dnl +<?xml version="1.0" encoding="utf-8"?> +<zone> + <short>foobar</short> + <description>foobar</description> + <rule family="ipv4"> + <source address="192.168.0.1/255.255.255.240"/> + <accept/> + </rule> +</zone> +]) +FWD_RELOAD() +FWD_CHECK([--zone foobar --add-interface foobar0], 0, [ignore]) + +FWD_END_TEST() +~
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor