Projects
openEuler:24.03:SP1:Everything:64G
firewalld
_service:tar_scm:backport-chore-nftables-add-de...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-chore-nftables-add-delete-table-helper.patch of Package firewalld
From 8be561d26931832f000526cc41293700faa6c877 Mon Sep 17 00:00:00 2001 From: Eric Garver <eric@garver.life> Date: Mon, 14 Aug 2023 09:13:29 -0400 Subject: [PATCH] chore(nftables): add delete table helper This is to workaround an nftables issue where using the "delete" verb on a table that does not exist will throw ENOENT. We can't use the newer "destroy" verb because it's too new to rely upon. A simple hack is to always add the table before deleting it. The "add" is ignored if the table already exists. Conflict: NA Reference: https://github.com/firewalld/firewalld/commit/8be561d26931832f000526cc41293700faa6c877 --- src/firewall/core/nftables.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py index f269afa9..ce8cb5e7 100644 --- a/src/firewall/core/nftables.py +++ b/src/firewall/core/nftables.py @@ -383,6 +383,17 @@ class nftables: # Tables always exist in nftables return [table] if table else IPTABLES_TO_NFT_HOOK.keys() + def _build_delete_table_rules(self, table): + # To avoid nftables returning ENOENT we always add the table before + # deleting to guarantee it will exist. + # + # In the future, this add+delete should be replaced with "destroy", but + # that verb is too new to rely upon. + return [{"add": {"table": {"family": "inet", + "name": table}}}, + {"delete": {"table": {"family": "inet", + "name": table}}}] + def build_flush_rules(self): # Policy is stashed in a separate table that we're _not_ going to # flush. As such, we retain the policy rule handles and ref counts. -- 2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2