- Fixed ipset overloading, dropped applied check in get_ipset (issue#206)
parent
21021781ec
commit
3f2143f4aa
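--- /dev/null
+++ b/firewalld-0.4.4.3-get_ipset_no_applied_check.patch
@@ -0,0 +1,91 @@
+commit 7e7be5658c2b1a8aa130480ad8e1a7314c83bba9
+Author: Thomas Woerner <twoerner@redhat.com>
+Date: Wed Feb 15 11:11:40 2017 +0100
+
+firewall.core.fw_ipset: get_ipset may not ckeck if set is applied by default
+
+This breaks the ipset overloading from /etc/firewalld/ipsets.
+Fixes: #206
+
+diff --git a/src/firewall/core/fw_ipset.py b/src/firewall/core/fw_ipset.py
+index bbbc8eb..952d122 100644
+--- a/src/firewall/core/fw_ipset.py
++++ b/src/firewall/core/fw_ipset.py
+@@ -55,10 +55,11 @@ class FirewallIPSet(object):
+def has_ipsets(self):
+return len(self._ipsets) > 0
+
+- def get_ipset(self, name):
++ def get_ipset(self, name, applied=False):
+self.check_ipset(name)
+obj = self._ipsets[name]
+- self.check_applied_obj(obj)
++ if applied:
++ self.check_applied_obj(obj)
+return obj
+
+def _error2warning(self, f, name, *args):
+@@ -141,11 +142,11 @@ class FirewallIPSet(object):
+# TYPE
+
+def get_type(self, name):
+- return self.get_ipset(name).type
++ return self.get_ipset(name, applied=True).type
+
+# DIMENSION
+def get_dimension(self, name):
+- return len(self.get_ipset(name).type.split(","))
++ return len(self.get_ipset(name, applied=True).type.split(","))
+
+# APPLIED
+
+@@ -164,7 +165,7 @@ class FirewallIPSet(object):
+# OPTIONS
+
+def get_family(self, name):
+- obj = self.get_ipset(name)
++ obj = self.get_ipset(name, applied=True)
+if "family" in obj.options:
+if obj.options["family"] == "inet6":
+return "ipv6"
+@@ -179,7 +180,7 @@ class FirewallIPSet(object):
+pass
+
+def add_entry(self, name, entry):
+- obj = self.get_ipset(name)
++ obj = self.get_ipset(name, applied=True)
+if "timeout" in obj.options and obj.options["timeout"] != "0":
+# no entries visible for ipsets with timeout
+raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
+@@ -201,7 +202,7 @@ class FirewallIPSet(object):
+obj.entries.append(entry)
+
+def remove_entry(self, name, entry):
+- obj = self.get_ipset(name)
++ obj = self.get_ipset(name, applied=True)
+if "timeout" in obj.options and obj.options["timeout"] != "0":
+# no entries visible for ipsets with timeout
+raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
+@@ -222,7 +223,7 @@ class FirewallIPSet(object):
+obj.entries.remove(entry)
+
+def query_entry(self, name, entry):
+- obj = self.get_ipset(name)
++ obj = self.get_ipset(name, applied=True)
+if "timeout" in obj.options and obj.options["timeout"] != "0":
+# no entries visible for ipsets with timeout
+raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
+@@ -230,11 +231,11 @@ class FirewallIPSet(object):
+return entry in obj.entries
+
+def get_entries(self, name):
+- obj = self.get_ipset(name)
++ obj = self.get_ipset(name, applied=True)
+return obj.entries
+
+def set_entries(self, name, entries):
+- obj = self.get_ipset(name)
++ obj = self.get_ipset(name, applied=True)
+if "timeout" in obj.options and obj.options["timeout"] != "0":
+# no entries visible for ipsets with timeout
+raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)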
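Review bot: The new `applied=False` default on `get_ipset` (first hunk of the embedded patch) makes the unchecked path the one a caller gets by omission, so any caller that still writes `get_ipset(name)` silently stops going through `check_applied_obj`. The visible hunks switch only the callers inside `fw_ipset.py` to `applied=True`; callers in other modules are not shown here and should be audited, since code that builds firewall rules from an ipset presumably depends on the set actually being applied. I would add a docstring at the definition stating the contract, for example `"""Return the ipset object; with applied=True also run check_applied_obj on it."""`, so the opt-in is visible where the default is declared. The class body continues outside the hunks, so the behaviour of `check_applied_obj` itself is not confirmed from this page.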
@ -8,7 +8,7 @@
|
||||
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
|
||||
Name: firewalld
|
||||
Version: 0.4.4.3
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
URL: http://www.firewalld.org
|
||||
License: GPLv2+
|
||||
Source0: https://fedorahosted.org/released/firewalld/%{name}-%{version}.tar.bz2
|
||||
@ -19,6 +19,7 @@ Source2: FedoraWorkstation.xml
|
||||
%if 0%{?fedora}
|
||||
Patch0: firewalld-0.2.6-MDNS-default.patch
|
||||
%endif
|
||||
Patch1: firewalld-0.4.4.3-get_ipset_no_applied_check.patch
|
||||
BuildArch: noarch
|
||||
BuildRequires: desktop-file-utils
|
||||
BuildRequires: gettext
|
||||
@ -154,6 +155,7 @@ firewalld.
|
||||
%if 0%{?fedora}
|
||||
%patch0 -p1
|
||||
%endif
|
||||
%patch1 -p1 -b .get_ipset_no_applied_check
|
||||
|
||||
%if 0%{?with_python3}
|
||||
rm -rf %{py3dir}
|
||||
@ -412,6 +414,9 @@ fi
|
||||
%{_mandir}/man1/firewall-config*.1*
|
||||
|
||||
%changelog
|
||||
* Tue Feb 21 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.4.3-2
|
||||
- Fixed ipset overloading, dropped applied check in get_ipset (issue#206)
|
||||
|
||||
* Fri Feb 10 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.4.3-1
|
||||
- Rebase to firewalld-0.4.4.3
|
||||
http://www.firewalld.org/2017/02/firewalld-0-4-4-3-release
|
||||
|