From 39885a432956f64dbf158aed3f7c362af6f35c25 Mon Sep 17 00:00:00 2001
From: Pawel Marczewski
Date: Mon, 13 Jan 2020 16:47:09 +0100
Subject: [PATCH] firewall: fix family / family_name
---
 qubesagent/firewall.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/qubesagent/firewall.py b/qubesagent/firewall.py
index 7c9f411..75b6292 100755
--- a/qubesagent/firewall.py
+++ b/qubesagent/firewall.py
@@ -512,19 +512,22 @@ class NftablesWorker(FirewallWorker):
 self.chains[family].add(chain)
 def update_connected_ips(self, family):
+ family_name = ('ip6' if family == 6 else 'ip')
 ips = self.get_connected_ips(family)
 if ips:
 addr = '{' + ', '.join(ips) + '}'
- irule = 'iifname != "vif*" {family} saddr {addr} drop\n'.format(addr)
- orule = 'oifname != "vif*" {family} daddr {addr} drop\n'.format(addr)
+ irule = 'iifname != "vif*" {family_name} saddr {addr} drop\n'.format(
+ family_name=family_name, addr=addr)
+ orule = 'oifname != "vif*" {family_name} daddr {addr} drop\n'.format(
+ family_name=family_name, addr=addr)
 else:
 irule = ''
 orule = ''
 nft_input = (
- 'flush chain {family} {table} prerouting\n'
- 'flush chain {family} {table} postrouting\n'
- 'table {family} {table} {{\n'
+ 'flush chain {family_name} {table} prerouting\n'
+ 'flush chain {family_name} {table} postrouting\n'
+ 'table {family_name} {table} {{\n'
 ' chain prerouting {{\n'
 ' {irule}'
 ' }}\n'
@@ -533,7 +536,7 @@ class NftablesWorker(FirewallWorker):
 ' }}\n'
 '}}\n'
 ).format(
- family=('ip6' if family == 6 else 'ip'),
+ family_name=family_name,
 table='qubes-firewall',
 irule=irule,
 orule=orule,
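Review bot: The `addr` set in `update_connected_ips` is built by joining the entries of `ips` straight into the nft script, and nothing visible in the hunk checks that each entry is a well-formed address of the matching family. `get_connected_ips` is defined outside the hunk, so the values may already be validated there; if they are not, a malformed entry would make the generated anti-spoofing ruleset invalid or change what it matches. Assuming the entries are bare addresses, normalising them before the join would close that gap, e.g. `ips = [str(ipaddress.ip_address(ip)) for ip in ips]` (this needs `import ipaddress` at the top of the file). Separately, the removed `.format(addr)` calls passed a positional argument to named fields and so could not have succeeded for a non-empty `ips`; a unit test that runs this method with at least one connected IP and checks the generated `nft_input` would keep that path from regressing. The method body continues past the end of the first hunk.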