-
Notifications
You must be signed in to change notification settings - Fork 5.5k
[3007.x] Fix/add nftables icmpv6 support #67884
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[3007.x] Fix/add nftables icmpv6 support #67884
Conversation
4b40a25
to
7416cf3
Compare
b58fd24
to
5dc26bf
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please write a test for this
I explained in the PR description why I didn't. That argument still stands. |
@jdelic Regardless of opinions, if you change code, you write a test to check that code, unless there is already a test which covers the change. This rule applies to the core team too. In the past, before 2019, Salt would allow code to be merged after code review without tests been written for it, and this led to a mess, hence since 2019, all code changes require tests, and tests using pytest. Using mock can test the code without having to have an actual VM up etc., noting even simple unnoticed typo's parsing a kwarg can trip code up. |
add changelog entry for 67882 newline at the end of changelog
51725b6
to
9964d4e
Compare
What does this PR do?
Fixes #67882
The nftables state just sends its kwargs to the nftables module. This in turn is currently missing support for ipv6 icmp packet types (icmpv6). This means that currently Salt cannot configure a firewall in such a way that it allows pings, for example. This small patch remedies that.
Previous Behavior
The following was impossible:
New Behavior
The above works now.
Merge requirements satisfied?
[NOTICE] Bug fixes or features added to Salt require tests.
I have not added any test for the above.
cmd.run
. Sonft
is never executed by the tests, so you'd never know if any of this code produced an invalid rule. I do not have the time to contribute to Salt to essentially rewrite the nftables module, so this will have to live without tests.Commits signed with GPG?
Yes