From f77c65411ded33a6815e63bb958e6e9b77b0c288 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bruno=20L=C3=A9on?= Date: Mon, 27 Feb 2023 12:04:32 +0100 Subject: [PATCH] Fix SNAT never being added because of exception Some firewall rule object (iptc) do not have a parameter attribute, which results in an exception being triggered, and the mailcow SNAT rule to never be created. Firewall rules that trigger such exception are: - -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN This commit just verify attribute presence, and skip the rule properly instead of triggering an exception. --- data/Dockerfiles/netfilter/server.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/data/Dockerfiles/netfilter/server.py b/data/Dockerfiles/netfilter/server.py index 0b0e2a41e9..b1a9f3364e 100644 --- a/data/Dockerfiles/netfilter/server.py +++ b/data/Dockerfiles/netfilter/server.py @@ -366,6 +366,8 @@ def get_snat4_rule(): chain.insert_rule(new_rule) else: for position, rule in enumerate(chain.rules): + if not hasattr(rule.target, 'parameter'): + continue match = all(( new_rule.get_src() == rule.get_src(), new_rule.get_dst() == rule.get_dst(),