From 3ae004f3e82026b83f9b4096a9566a2253b00f41 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 28 Mar 2018 16:08:24 +0200
Subject: [dnbd3-proxy-mode] Workaround for broken slx-admin whitelist, apply to all ifs

Refs #3348
---
 .../data/opt/openslx/scripts/systemd-setup_dnbd3_proxy | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'core/modules/dnbd3-proxy-mode')

diff --git a/core/modules/dnbd3-proxy-mode/data/opt/openslx/scripts/systemd-setup_dnbd3_proxy b/core/modules/dnbd3-proxy-mode/data/opt/openslx/scripts/systemd-setup_dnbd3_proxy
index 746c5fae..ff889fde 100755
--- a/core/modules/dnbd3-proxy-mode/data/opt/openslx/scripts/systemd-setup_dnbd3_proxy
+++ b/core/modules/dnbd3-proxy-mode/data/opt/openslx/scripts/systemd-setup_dnbd3_proxy
@@ -156,13 +156,15 @@ done
 rm -f "/opt/openslx/iptables/rules.d/99-dnbd3"
 # now create iptables helper rules
-if [ -n "${SLX_DNBD3_WHITELIST}" ]; then
+if [ -n "${SLX_DNBD3_WHITELIST}" ] && [ "${SLX_DNBD3_WHITELIST%/*}" != "${SLX_DNBD3_WHITELIST}" ]; then
+ # XXX: Remove the second check above after ~ 2018-10-01 -- it's a workaround for broken slx-admin
+ # that won't properly calculate CIDR notion resulting in a severely locked down proxy :(
 DNBD3_IPTABLES_CONF="$(mktemp)"
 echo '#!/bin/ash' > "${DNBD3_IPTABLES_CONF}"
 for CIDR in ${SLX_DNBD3_WHITELIST} ${SLX_KCL_SERVERS}; do
- echo "iptables -I ipt-helper-INPUT 1 -i br0 -p tcp -s ${CIDR} --dport ${DNBD3_PORT} -j ACCEPT"
+ echo "iptables -I ipt-helper-INPUT 1 -p tcp -s ${CIDR} --dport ${DNBD3_PORT} -j ACCEPT"
 done >> "${DNBD3_IPTABLES_CONF}"
- echo "iptables -A ipt-helper-INPUT -i br0 -p tcp --dport ${DNBD3_PORT} -j REJECT" >> "${DNBD3_IPTABLES_CONF}"
+ echo "iptables -A ipt-helper-INPUT -p tcp --dport ${DNBD3_PORT} -j REJECT" >> "${DNBD3_IPTABLES_CONF}"
 chmod +x "${DNBD3_IPTABLES_CONF}"
 mv -f "$DNBD3_IPTABLES_CONF" "/opt/openslx/iptables/rules.d/99-dnbd3"
 fi
-- 
cgit v1.2.3-55-g7522
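Review bot: When SLX_DNBD3_WHITELIST is set but contains no `/`, the new second test on the `if` line skips the whole block, so neither the ACCEPT rules nor the final REJECT are written and the dnbd3 port is left unfiltered without any message. The test also looks at the string as a whole, so a list that mixes CIDR and bare entries passes, and each entry is still written unquoted into an executable rules script. I would at least log the fallback, e.g. `elif [ -n "${SLX_DNBD3_WHITELIST}" ]; then echo "dnbd3: whitelist lacks CIDR suffix, port ${DNBD3_PORT} left unfiltered" >&2`, and ideally check each `CIDR` against an address/prefix pattern inside the loop before emitting its rule. With `-i br0` dropped, the REJECT now also matches traffic arriving on `lo`; whether an earlier rule in the chain accepts loopback is not visible in this hunk, so that is worth confirming.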