Fix setup_input_chain

radupotop · Apr 5, 2024 · 02ff5b2 · 02ff5b2
1 parent 1a021f3
commit 02ff5b2
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/app/iptables.py b/app/iptables.py
@@ -26,7 +26,7 @@ def setup_whitelist_chain(self):
         log.info('Creating the whitelist chain: %s', self.config.chain)
         self.chain = self.filter_table.create_chain(self.config.chain)
 
-    def setup_input_chain(self):
+    def setup_input_chain(self, set_policy_drop=False):
         """
         Append a rule to the INPUT chain to jump to the whitelist chain for
         all the packets matching the destination ports & protocols.
@@ -40,7 +40,7 @@ def setup_input_chain(self):
             input_chain.append_rule(input_rule)
             log.info('Added INPUT chain rule for %s:%s', port, protocol)
 
-        if self.config.set_input_policy_drop:
+        if set_policy_drop:
             log.warning('Setting the INPUT chain Policy to DROP')
             input_chain.set_policy(iptc.Policy.DROP)
 

diff --git a/tests/test_iptables.py b/tests/test_iptables.py
@@ -14,7 +14,7 @@ def setup_class(self):
 
     def test_setup_chain(self):
         self.ipt.setup_whitelist_chain()
-        self.ipt.setup_input_chain()
+        self.ipt.setup_input_chain(set_policy_drop=True)
 
     def test_initial_chain_added(self):
         chain_names = [c.name for c in self.filter_table.chains]

diff --git a/utils/bootstrap.py b/utils/bootstrap.py
@@ -14,7 +14,7 @@ def create_chains():
     cfg = ConfigReader()
     ipt = IPTables(cfg)
     ipt.setup_whitelist_chain()
-    ipt.setup_input_chain()
+    ipt.setup_input_chain(set_policy_drop=cfg.set_input_policy_drop)
 
 
 if __name__ == '__main__':