libs.tools.resolve_identifier(): add option to filter out linklocal ips and only physical interfaces

2023-09-09 15:37:37 +02:00 · 2023-09-09 15:37:37 +02:00 · 2b51812118
commit 2b51812118
parent 6539923644
3 changed files with 19 additions and 27 deletions
--- a/bundles/nftables/metadata.py
+++ b/bundles/nftables/metadata.py
@ -78,7 +78,7 @@ def port_rules_to_nftables(metadata):
            if target in ('*', 'ipv4', 'ipv6'):
                ruleset.add(f'inet filter input {version_str} {port_str} accept {comment}')
            else:
-                resolved = repo.libs.tools.resolve_identifier(repo, target)
+                resolved = repo.libs.tools.resolve_identifier(repo, target, linklocal=True)

                for address in resolved['ipv4']:
                    ruleset.add(f'inet filter input meta nfproto ipv4 {port_str} ip saddr {address} accept {comment}')