7x31
/
mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #5070 from mailcow/fix/snat 

[Netfilter] Fix IPv4 Subrouting not added properly
This commit is contained in:
Niklas Meyer 2023-02-17 15:44:16 +01:00 committed by GitHub
parent 7f0dd7d0d7 1a4f11209a
commit a8c61daeaf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
data/Dockerfiles/netfilter/server.py
View File

@ -359,6 +359,12 @@ def snat4(snat_target):
chain = iptc.Chain(table, 'POSTROUTING') chain = iptc.Chain(table, 'POSTROUTING')
table.autocommit = False table.autocommit = False
new_rule = get_snat4_rule() new_rule = get_snat4_rule()
if not chain.rules:
# if there are no rules in the chain, insert the new rule directly
logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
chain.insert_rule(new_rule)
else:
for position, rule in enumerate(chain.rules): for position, rule in enumerate(chain.rules):
match = all(( match = all((
new_rule.get_src() == rule.get_src(), new_rule.get_src() == rule.get_src(),
@ -374,6 +380,7 @@ def snat4(snat_target):
if match: if match:
logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}') logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}')
chain.delete_rule(rule) chain.delete_rule(rule)
table.commit() table.commit()
table.autocommit = True table.autocommit = True
except: except:

2
docker-compose.yml
View File

@ -425,7 +425,7 @@ services:
- acme - acme
netfilter-mailcow: netfilter-mailcow:
image: mailcow/netfilter:1.50 image: mailcow/netfilter:1.51
stop_grace_period: 30s stop_grace_period: 30s
depends_on: depends_on:
- dovecot-mailcow - dovecot-mailcow