bundles/nftables: add support for restricting to "all ipv6" and "all ipv4"
parent
d2f1bb406d
commit
c6c5d40084
1 changed files with 5 additions and 1 deletions
|
@ -58,7 +58,7 @@ def port_rules_to_nftables(metadata):
|
||||||
if port == '*' and target == '*':
|
if port == '*' and target == '*':
|
||||||
raise BundleError('firewall/port_rules: setting both port and target to * is unsupported')
|
raise BundleError('firewall/port_rules: setting both port and target to * is unsupported')
|
||||||
|
|
||||||
comment = f'# port_rules {target}'
|
comment = f'comment "port_rules {target}"'
|
||||||
|
|
||||||
if port != '*':
|
if port != '*':
|
||||||
if ':' in port:
|
if ':' in port:
|
||||||
|
@ -73,6 +73,10 @@ def port_rules_to_nftables(metadata):
|
||||||
|
|
||||||
if target == '*':
|
if target == '*':
|
||||||
ruleset.add(f'{prefix}{proto} {port_str}accept {comment}')
|
ruleset.add(f'{prefix}{proto} {port_str}accept {comment}')
|
||||||
|
elif target == 'ipv4':
|
||||||
|
ruleset.add(f'{prefix}{proto} {port_str}ip version 4 accept {comment}')
|
||||||
|
elif target == 'ipv6':
|
||||||
|
ruleset.add(f'{prefix}{proto} {port_str}ip6 version 6 accept {comment}')
|
||||||
else:
|
else:
|
||||||
resolved = repo.libs.tools.resolve_identifier(repo, target)
|
resolved = repo.libs.tools.resolve_identifier(repo, target)
|
||||||
|
|
||||||
|
|
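Review bot: The guard at the top of the first hunk still rejects only `port == '*'` together with `target == '*'`, so the new `ipv4` and `ipv6` targets can be combined with a wildcard port, and the two entries together would accept the same traffic the guard is meant to refuse. If that is not intended, extend the check to `if port == '*' and target in ('*', 'ipv4', 'ipv6'):` and adjust the error message; how `port == '*'` is rendered lies outside the hunk, so this is inferred from the visible branches only. Separately, `comment = f'comment "port_rules {target}"'` now places `target` inside a double-quoted nftables string, so a target containing `"` would yield a malformed or altered rule; validating `target` against an allow-listed character set before building the rule would close that. `port_rules_to_nftables` starts and ends outside both hunks.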