Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

firewall: fix family / family_name

Browse Source
This commit is contained in:
Pawel Marczewski 2020-01-13 16:47:09 +01:00
parent 00fbb956b4
commit 39885a4329
No known key found for this signature in database
GPG Key ID: DE42EE9B14F96465
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
qubesagent/firewall.py
View File

@ -512,19 +512,22 @@ class NftablesWorker(FirewallWorker):
self.chains[family].add(chain) self.chains[family].add(chain)
def update_connected_ips(self, family): def update_connected_ips(self, family):
family_name = ('ip6' if family == 6 else 'ip')
ips = self.get_connected_ips(family) ips = self.get_connected_ips(family)
if ips: if ips:
addr = '{' + ', '.join(ips) + '}' addr = '{' + ', '.join(ips) + '}'
irule = 'iifname != "vif*" {family} saddr {addr} drop\n'.format(addr) irule = 'iifname != "vif*" {family_name} saddr {addr} drop\n'.format(
orule = 'oifname != "vif*" {family} daddr {addr} drop\n'.format(addr) family_name=family_name, addr=addr)
orule = 'oifname != "vif*" {family_name} daddr {addr} drop\n'.format(
family_name=family_name, addr=addr)
else: else:
irule = '' irule = ''
orule = '' orule = ''
nft_input = ( nft_input = (
'flush chain {family} {table} prerouting\n' 'flush chain {family_name} {table} prerouting\n'
'flush chain {family} {table} postrouting\n' 'flush chain {family_name} {table} postrouting\n'
'table {family} {table} {{\n' 'table {family_name} {table} {{\n'
' chain prerouting {{\n' ' chain prerouting {{\n'
' {irule}' ' {irule}'
' }}\n' ' }}\n'
@ -533,7 +536,7 @@ class NftablesWorker(FirewallWorker):
' }}\n' ' }}\n'
'}}\n' '}}\n'
).format( ).format(
family=('ip6' if family == 6 else 'ip'), family_name=family_name,
table='qubes-firewall', table='qubes-firewall',
irule=irule, irule=irule,
orule=orule, orule=orule,