Overview

File 0001-fix-nftables-set-correctly-match-iifname-oifname.patch of Package firewalld-legacy

From 47cb174ae4e1e00fb777c2927f9757d10f38b8da Mon Sep 17 00:00:00 2001
From: Peter Turner <pturner@uwalumni.com>
Date: Thu, 17 Oct 2024 13:26:16 -0500
Subject: [PATCH] fix(nftables): set: correctly match iifname/oifname

For sets that match iface, the match for iifname/oifname was backwards.

https://github.com/firewalld/firewalld/issues/1399#issuecomment-2420036920
(cherry picked from commit 9089bdb83c5528d2fbcbdc63043493941fcaaf19)
---
 src/firewall/core/nftables.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
index 6ad4b916..ab846902 100644
--- a/src/firewall/core/nftables.py
+++ b/src/firewall/core/nftables.py
@@ -1752,7 +1752,9 @@ class nftables(object):
                 fragments.append({"payload": {"protocol": self._set_get_family(name),
                                               "field": "daddr" if match_dest else "saddr"}})
             elif format == "iface":
-                fragments.append({"meta": {"key": "iifname" if match_dest else "oifname"}})
+                fragments.append(
+                    {"meta": {"key": "oifname" if match_dest else "iifname"}}
+                )
             elif format == "mark":
                 fragments.append({"meta": {"key": "mark"}})
             else:
-- 
2.51.0
openSUSE Build Service is sponsored by
Places