bundles/nftables: add support for restricting to "all ipv6" and "all ipv4"
parent
d2f1bb406d
commit
c6c5d40084
1 changed files with 5 additions and 1 deletions
|
@ -58,7 +58,7 @@ def port_rules_to_nftables(metadata):
|
|||
if port == '*' and target == '*':
|
||||
raise BundleError('firewall/port_rules: setting both port and target to * is unsupported')
|
||||
|
||||
comment = f'# port_rules {target}'
|
||||
comment = f'comment "port_rules {target}"'
|
||||
|
||||
if port != '*':
|
||||
if ':' in port:
|
||||
|
@ -73,6 +73,10 @@ def port_rules_to_nftables(metadata):
|
|||
|
||||
if target == '*':
|
||||
ruleset.add(f'{prefix}{proto} {port_str}accept {comment}')
|
||||
elif target == 'ipv4':
|
||||
ruleset.add(f'{prefix}{proto} {port_str}ip version 4 accept {comment}')
|
||||
elif target == 'ipv6':
|
||||
ruleset.add(f'{prefix}{proto} {port_str}ip6 version 6 accept {comment}')
|
||||
else:
|
||||
resolved = repo.libs.tools.resolve_identifier(repo, target)
|
||||
|
||||
|
|
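Review bot: The guard at the top of the first hunk rejects only `port == '*' and target == '*'`, so with the new targets a rule with `port: '*'` and `target: 'ipv4'` (or `'ipv6'`) passes it and reaches the new `ip version 4 accept` / `ip6 version 6 accept` branches. Assuming `port_str` is empty when the port is `*` (its construction is outside the visible lines), that emits an accept for every port of the protocol across a whole address family, which is nearly as broad as the combination the guard exists to refuse. Consider widening the check to `if port == '*' and target in ('*', 'ipv4', 'ipv6'):` and updating the error text to match. The literals `ipv4` and `ipv6` are also now matched before `resolve_identifier` is called, so a node or group with either name could no longer be used as a target; a short comment above the `elif` chain saying these names are reserved would help. The body of `port_rules_to_nftables` continues outside both hunks.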