[Netfilter] fix setting SNAT Rule if chain is empty

FreddleSpl0it 2023-02-17 13:15:44 +01:00
parent cd29ad883e
commit 04403aaf70
No known key found for this signature in database
GPG Key ID: 00E14E7634F4BEC5


@ -359,21 +359,28 @@ def snat4(snat_target):
chain = iptc.Chain(table, 'POSTROUTING') chain = iptc.Chain(table, 'POSTROUTING')
table.autocommit = False table.autocommit = False
new_rule = get_snat4_rule() new_rule = get_snat4_rule()
for position, rule in enumerate(chain.rules):
match = all(( if not chain.rules:
new_rule.get_src() == rule.get_src(), # if there are no rules in the chain, insert the new rule directly
new_rule.get_dst() == rule.get_dst(), logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
new_rule.target.parameters == rule.target.parameters, chain.insert_rule(new_rule)
new_rule.target.name == rule.target.name else:
)) for position, rule in enumerate(chain.rules):
if position == 0: match = all((
if not match: new_rule.get_src() == rule.get_src(),
logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}') new_rule.get_dst() == rule.get_dst(),
chain.insert_rule(new_rule) new_rule.target.parameters == rule.target.parameters,
else: new_rule.target.name == rule.target.name
if match: ))
logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}') if position == 0:
chain.delete_rule(rule) if not match:
logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
chain.insert_rule(new_rule)
else:
if match:
logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}')
chain.delete_rule(rule)
table.commit() table.commit()
table.autocommit = True table.autocommit = True
except: except:
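Review bot: The "Added POSTROUTING rule" message is logged before `chain.insert_rule(new_rule)` and before `table.commit()`, both in the new empty-chain branch and in the `position == 0` branch, so a failed insert or commit still leaves a log line claiming the SNAT rule is in place. The `except:` that follows is bare and its body lies outside the hunk, as do the start and end of `snat4`, so whether such a failure is reported at all cannot be confirmed from here. I would call `logInfo(...)` only after `chain.insert_rule(new_rule)` has returned, or after `table.commit()`, and narrow the handler to `except Exception as e:` with the error logged. The two branches now repeat the same log-and-insert pair, and `chain.rules` is read once for the emptiness test and again for the loop; binding it once with `rules = chain.rules` and inserting when `not rules` or the first rule does not match would remove the duplication.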