Commit a1b2ca79 authored by Sigmund Augdal's avatar Sigmund Augdal

Work around ugle bugly bug in ipset restore

parent 9a17c5f0
......@@ -103,6 +103,9 @@ class Generator(object):
def add_ipset_member_family(self, name, member, family, suffix, source, addresses):
setname = self.set_name(name, family)
member_mask = ''
if family == 'inet':
member_mask = '/32'
if source is not None:
if source in self.addresses_v4:
suffix = "{},{}".format(suffix, addresses[source])
......@@ -110,7 +113,13 @@ class Generator(object):
self.output("add {} {}{}".format(setname, addresses[member], suffix))
else:
self.group_members[setname] += 1
self.output("add {} {}{}".format(setname, addresses[member], suffix))
# ipset restore seems to treat ipv4 add rules with port
# ranges as if the target ip is a range with very open
# netmask. This is a but-ugle workaround
to = addresses[member]
if '-' in suffix:
to += member_mask
self.output("add {} {}{}".format(setname, to, suffix))
def add_ipset_member(self, name, member, protocol="tcp", port=None, net=None, source=None):
suffix = ""
......
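Review bot: The `/32` workaround reaches only the `else` branch. The first `self.output("add {} {}{}".format(setname, addresses[member], suffix))` in the second hunk, which appears to be the path where a source address was appended to `suffix`, still writes the bare address, so a port range on that path would presumably still be expanded by `ipset restore` into a far wider target than the rule intends. Consider computing the target once, before `if source is not None:`, as `to = addresses[member] + (member_mask if '-' in suffix else '')` and using `to` in both `add` lines; that also keeps the `'-'` test on the port part only, before any source address is appended. If `addresses[member]` can already carry a prefix or a range, appending `/32` would produce an entry that `ipset restore` rejects, which cannot be confirmed from the hunk. The line between the two hunks is not shown, so the branch structure described here is inferred.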