add checks for chains

This commit is contained in:
amorfo77 2023-02-10 21:08:25 +01:00
parent 1d5b5dbd86
commit 3889050294
1 changed files with 18 additions and 20 deletions


@ -165,28 +165,26 @@ def search_current_chains():
if kernel_ruleset: if kernel_ruleset:
for object in kernel_ruleset['nftables']: for object in kernel_ruleset['nftables']:
chain = object.get("chain") chain = object.get("chain")
if not chain: if not chain: continue
continue
_family = chain['family'] _family = chain['family']
_table = chain['table'] _table = chain['table']
if not _family in nft_chain_names: continue
if not _table in nft_chain_names[_family]: continue
hook = chain.get("hook") _hook = chain.get("hook")
if not hook or hook not in nft_chain_names[_family][_table]: if not _hook in nft_chain_names[_family][_table]: continue
continue
_hook = chain['hook'] _priority = chain.get("prio")
if _priority is None: continue
_name = chain['name']
priority = chain.get("prio") if _priority < nft_chain_priority[_family][_table][_hook]:
if priority is None: # at this point, we know the chain has:
continue # hook and priority set
# and it has the lowest priority
if priority < nft_chain_priority[_family][_table][_hook]: nft_chain_priority[_family][_table][_hook] = _priority
# at this point, we know the chain has: nft_chain_names[_family][_table][_hook] = _name
# hook and priority set
# and it has the lowest priority
nft_chain_priority[_family][_table][_hook] = priority
nft_chain_names[_family][_table][_hook] = chain['name']
def search_for_chain(kernel_ruleset: dict, chain_name: str): def search_for_chain(kernel_ruleset: dict, chain_name: str):
found = False found = False
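Review bot: The three new membership guards use the `not x in y` spelling (`if not _family in nft_chain_names`, `if not _table in nft_chain_names[_family]`, `if not _hook in nft_chain_names[_family][_table]`), which reads as negating the lookup rather than testing membership; the idiomatic form is `if _family not in nft_chain_names: continue`, and likewise for the table and hook lines. Placing `continue` on the same line as each `if` also hides the early exits when skimming the loop; one statement per line keeps every skip visible, which matters here because a skipped chain is exactly the case where no hook chain gets recorded. The `_hook = chain.get("hook")` change is fine, since a missing hook yields `None`, which is never a key in the names table and so falls through to the `continue`. search_current_chains begins before this hunk.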
@ -261,18 +259,18 @@ def insert_mailcow_chains(_family: str):
continue continue
rule = object["rule"] rule = object["rule"]
if rule["chain"] == nft_input_chain: if nft_input_chain and rule["chain"] == nft_input_chain:
if rule.get("comment") and rule["comment"] == "mailcow": if rule.get("comment") and rule["comment"] == "mailcow":
input_jump_found = True input_jump_found = True
if rule["chain"] == nft_forward_chain: if nft_forward_chain and rule["chain"] == nft_forward_chain:
if rule.get("comment") and rule["comment"] == "mailcow": if rule.get("comment") and rule["comment"] == "mailcow":
forward_jump_found = True forward_jump_found = True
if not input_jump_found and nft_input_chain: if not input_jump_found:
command = get_mailcow_jump_rule_dict(_family, nft_input_chain) command = get_mailcow_jump_rule_dict(_family, nft_input_chain)
nft_exec_dict(command) nft_exec_dict(command)
if not forward_jump_found and nft_forward_chain: if not forward_jump_found:
command = get_mailcow_jump_rule_dict(_family, nft_forward_chain) command = get_mailcow_jump_rule_dict(_family, nft_forward_chain)
nft_exec_dict(command) nft_exec_dict(command)
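Review bot: The new `if not input_jump_found:` and `if not forward_jump_found:` lines drop the `and nft_input_chain` / `and nft_forward_chain` guard the old code had, while the comparison lines above gained `if nft_input_chain and ...` — the commit itself treats the chain name as possibly falsy, yet it now calls `get_mailcow_jump_rule_dict(_family, nft_input_chain)` with that falsy value. Unless the part of insert_mailcow_chains outside this hunk now returns early when a chain was not found (cannot tell from here), the guard should be restored: `if not input_jump_found and nft_input_chain:` and `if not forward_jump_found and nft_forward_chain:`. A jump rule built for a missing chain either fails in nft_exec_dict or leaves the mailcow chain unhooked, so the ban rules would silently not apply; a short comment on the found/not-found contract would help either way. The enclosing function starts outside the hunk and may continue past it.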