authorSimon Rettberg2018-03-28 16:08:24 +0200
committerSimon Rettberg2018-03-28 16:08:24 +0200
commit3ae004f3e82026b83f9b4096a9566a2253b00f41 (patch)
tree96432299a8633b684eb37afb75613ff09b266298 /core/modules/dnbd3-proxy-mode
parent[dnbd3-proxy-mode] Whitelist sat server for port 5003 if firewalling is enabled (diff)
[dnbd3-proxy-mode] Workaround for broken slx-admin whitelist, apply to all ifs
Refs #3348
Diffstat (limited to 'core/modules/dnbd3-proxy-mode')
-rwxr-xr-xcore/modules/dnbd3-proxy-mode/data/opt/openslx/scripts/systemd-setup_dnbd3_proxy8
1 files changed, 5 insertions, 3 deletions
diff --git a/core/modules/dnbd3-proxy-mode/data/opt/openslx/scripts/systemd-setup_dnbd3_proxy b/core/modules/dnbd3-proxy-mode/data/opt/openslx/scripts/systemd-setup_dnbd3_proxy
index 746c5fae..ff889fde 100755
--- a/core/modules/dnbd3-proxy-mode/data/opt/openslx/scripts/systemd-setup_dnbd3_proxy
+++ b/core/modules/dnbd3-proxy-mode/data/opt/openslx/scripts/systemd-setup_dnbd3_proxy
@@ -156,13 +156,15 @@ done
rm -f "/opt/openslx/iptables/rules.d/99-dnbd3"
# now create iptables helper rules
-if [ -n "${SLX_DNBD3_WHITELIST}" ]; then
+if [ -n "${SLX_DNBD3_WHITELIST}" ] && [ "${SLX_DNBD3_WHITELIST%/*}" != "${SLX_DNBD3_WHITELIST}" ]; then
+ # XXX: Remove the second check above after ~ 2018-10-01 -- it's a workaround for broken slx-admin
+ # that won't properly calculate CIDR notion resulting in a severely locked down proxy :(
DNBD3_IPTABLES_CONF="$(mktemp)"
echo '#!/bin/ash' > "${DNBD3_IPTABLES_CONF}"
for CIDR in ${SLX_DNBD3_WHITELIST} ${SLX_KCL_SERVERS}; do
- echo "iptables -I ipt-helper-INPUT 1 -i br0 -p tcp -s ${CIDR} --dport ${DNBD3_PORT} -j ACCEPT"
+ echo "iptables -I ipt-helper-INPUT 1 -p tcp -s ${CIDR} --dport ${DNBD3_PORT} -j ACCEPT"
done >> "${DNBD3_IPTABLES_CONF}"
- echo "iptables -A ipt-helper-INPUT -i br0 -p tcp --dport ${DNBD3_PORT} -j REJECT" >> "${DNBD3_IPTABLES_CONF}"
+ echo "iptables -A ipt-helper-INPUT -p tcp --dport ${DNBD3_PORT} -j REJECT" >> "${DNBD3_IPTABLES_CONF}"
chmod +x "${DNBD3_IPTABLES_CONF}"
mv -f "$DNBD3_IPTABLES_CONF" "/opt/openslx/iptables/rules.d/99-dnbd3"
fi
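Review bot: When `SLX_DNBD3_WHITELIST` is set but contains no `/`, the second test on the new `if` line skips the whole block, so after the `rm -f` above no `99-dnbd3` file is written and the dnbd3 port gets neither the ACCEPT rules nor the final REJECT, with nothing logged. The XXX comment suggests this fail-open is intended, but it should be visible to operators: add a branch before `fi` such as `elif [ -n "${SLX_DNBD3_WHITELIST}" ]; then echo "dnbd3: whitelist has no CIDR suffix, port ${DNBD3_PORT} left unrestricted" >&2`. The `${SLX_DNBD3_WHITELIST%/*}` comparison only detects a `/` somewhere in the whole space-separated list, so one well-formed entry lets prefix-less entries through as single-host rules. With `-i br0` dropped, the REJECT line now matches on every interface, presumably including loopback unless an earlier rule in `ipt-helper-INPUT` accepts it, so it is worth confirming that local clients of the proxy still connect. The hunk starts mid-script, so how `DNBD3_PORT` and the whitelist variables are populated is not visible here.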