bundles/nftables: add support for restricting to "all ipv6" and "all ipv4"

Franzi 2021-12-14 12:40:54 +01:00
parent d2f1bb406d
commit c6c5d40084
Signed by: kunsi
GPG key ID: 12E3D2136B818350


@ -58,7 +58,7 @@ def port_rules_to_nftables(metadata):
if port == '*' and target == '*':
raise BundleError('firewall/port_rules: setting both port and target to * is unsupported')
comment = f'# port_rules {target}'
comment = f'comment "port_rules {target}"'
if port != '*':
if ':' in port:
@ -73,6 +73,10 @@ def port_rules_to_nftables(metadata):
if target == '*':
ruleset.add(f'{prefix}{proto} {port_str}accept {comment}')
elif target == 'ipv4':
ruleset.add(f'{prefix}{proto} {port_str}ip version 4 accept {comment}')
elif target == 'ipv6':
ruleset.add(f'{prefix}{proto} {port_str}ip6 version 6 accept {comment}')
else:
resolved = repo.libs.tools.resolve_identifier(repo, target)
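Review bot: The new `comment = f'comment "port_rules {target}"'` line in the first hunk puts `target` inside a double-quoted nftables string without checking it, so a value containing `"` or a newline would end the comment early and the rest would be parsed as rule text. The old `#` form only had the newline case, so the quoted form adds a new way for a malformed metadata key to change the generated ruleset. I would reject such values before building the comment, for example `if '"' in target or '\n' in target: raise BundleError(f'firewall/port_rules: invalid target {target!r}')`. nftables also limits comment length (128 bytes, as far as I know), so a very long target could make the ruleset fail to load. port_rules_to_nftables starts and ends outside both hunks, so an earlier validation step may already cover this.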