kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 1 Releases Activity

bundles/nftables: add support for restricting to "all ipv6" and "all ipv4"

Browse source
This commit is contained in:
Franzi 2021-12-14 12:40:54 +01:00
parent d2f1bb406d
commit c6c5d40084
Signed by: kunsi
GPG key ID: 12E3D2136B818350
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
bundles/nftables/metadata.py
View file

@ -58,7 +58,7 @@ def port_rules_to_nftables(metadata):
if port == '*' and target == '*': if port == '*' and target == '*':
raise BundleError('firewall/port_rules: setting both port and target to * is unsupported') raise BundleError('firewall/port_rules: setting both port and target to * is unsupported')
comment = f'# port_rules {target}' comment = f'comment "port_rules {target}"'
if port != '*': if port != '*':
if ':' in port: if ':' in port:
@ -73,6 +73,10 @@ def port_rules_to_nftables(metadata):
if target == '*': if target == '*':
ruleset.add(f'{prefix}{proto} {port_str}accept {comment}') ruleset.add(f'{prefix}{proto} {port_str}accept {comment}')
elif target == 'ipv4':
ruleset.add(f'{prefix}{proto} {port_str}ip version 4 accept {comment}')
elif target == 'ipv6':
ruleset.add(f'{prefix}{proto} {port_str}ip6 version 6 accept {comment}')
else: else:
resolved = repo.libs.tools.resolve_identifier(repo, target) resolved = repo.libs.tools.resolve_identifier(repo, target)