firewall-util: refuse IPv6 firewall rules when kernel does not support IPv6

Yu Watanabe
2021-03-23 12:02:54 +09:00
parent 175bc86315
commit 0c4363a005


@@ -756,9 +756,11 @@ int fw_nftables_init(FirewallContext *ctx) {
if (r < 0)
return r;
r = fw_nftables_init_family(nfnl, AF_INET6);
if (r < 0)
log_debug_errno(r, "Failed to init ipv6 NAT: %m");
if (socket_ipv6_is_supported()) {
r = fw_nftables_init_family(nfnl, AF_INET6);
if (r < 0)
log_debug_errno(r, "Failed to init ipv6 NAT: %m");
}
ctx->nfnl = TAKE_PTR(nfnl);
return 0;
@@ -902,6 +904,9 @@ int fw_nftables_add_masquerade(
int r;
if (!socket_ipv6_is_supported() && af == AF_INET6)
return -EOPNOTSUPP;
r = fw_nftables_add_masquerade_internal(ctx, add, af, source, source_prefixlen);
if (r != -ENOENT)
return r;
@@ -1048,6 +1053,9 @@ int fw_nftables_add_local_dnat(
int r;
if (!socket_ipv6_is_supported() && af == AF_INET6)
return -EOPNOTSUPP;
r = fw_nftables_add_local_dnat_internal(ctx, add, af, protocol, local_port, remote, remote_port, previous_remote);
if (r != -ENOENT)
return r;
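Review bot: The new guard in fw_nftables_add_masquerade() and fw_nftables_add_local_dnat() calls socket_ipv6_is_supported() before it looks at `af`, so the support probe runs on every IPv4 request as well. Writing it as `if (af == AF_INET6 && !socket_ipv6_is_supported())` short-circuits for AF_INET and reads in the order the decision is made. The new -EOPNOTSUPP return deserves a short comment above the guard, for example `/* IPv6 unavailable on this kernel: refuse the rule instead of reporting success. */`, so callers can tell a skipped IPv6 rule from a real failure. In fw_nftables_init() the IPv6 family is now skipped without any message, so a `log_debug()` in an else branch would make a missing IPv6 NAT table diagnosable. All three function bodies start or continue outside the hunks shown, so what follows the `-ENOENT` check is not visible here.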