From 48d97fb40929afbc1b0bc82759ad75b1937f6e3f Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Mon, 15 Feb 2021 09:53:02 -0500 Subject: [PATCH] fix(fw): when checking tables make sure to check the actual backend Calling get_backend_by_ipv() will return nftables if we're using nftables backend, but we really need to check if iptables, et al. are available. --- src/firewall/core/fw.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py index 5e6653bbe..4d0ada35f 100644 --- a/src/firewall/core/fw.py +++ b/src/firewall/core/fw.py @@ -133,18 +133,18 @@ def __init_vars(self): def _check_tables(self): # check if iptables, ip6tables and ebtables are usable, else disable if self.ip4tables_enabled and \ - "filter" not in self.get_backend_by_ipv("ipv4").get_available_tables(): - log.warning("iptables not usable, disabling IPv4 firewall.") + "filter" not in self.ip4tables_backend.get_available_tables(): + log.info1("iptables is not usable.") self.ip4tables_enabled = False if self.ip6tables_enabled and \ - "filter" not in self.get_backend_by_ipv("ipv6").get_available_tables(): - log.warning("ip6tables not usable, disabling IPv6 firewall.") + "filter" not in self.ip6tables_backend.get_available_tables(): + log.info1("ip6tables is not usable.") self.ip6tables_enabled = False if self.ebtables_enabled and \ - "filter" not in self.get_backend_by_ipv("eb").get_available_tables(): - log.warning("ebtables not usable, disabling ethernet bridge firewall.") + "filter" not in self.ebtables_backend.get_available_tables(): + log.info1("ebtables is not usable.") self.ebtables_enabled = False # is there at least support for ipv4 or ipv6