From a8ce7215aa37e6d1c65c9ef3808dc9e53eee1f12 Mon Sep 17 00:00:00 2001
From: Miha Purg
Date: Mon, 2 Dec 2024 13:40:29 +0100
Subject: [PATCH] Fix set_ipv6_loopback_traffic SCE for ubuntu2404
ip6tables output changed from ubuntu2204 to ubuntu2404. E.g. from `ip6tables -n -v -L INPUT`
- 22.04: `0 0 ACCEPT all lo * ::/0 ::/0`
- 24.04: `0 0 ACCEPT 0 -- lo * ::/0 ::/0`kj
---
 .../set_ipv6_loopback_traffic/sce/ubuntu.sh | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/sce/ubuntu.sh b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/sce/ubuntu.sh
index 674c412d5ac..4e57b6d20b0 100644
--- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/sce/ubuntu.sh
+++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/sce/ubuntu.sh
@@ -7,15 +7,21 @@ if [ ! -e /proc/sys/net/ipv6/conf/all/disable_ipv6 ] || [ "$(cat /proc/sys/net/i
 exit "$XCCDF_RESULT_PASS"
 fi
-regex="\s+[0-9]+\s+[0-9]+\s+ACCEPT\s+all\s+lo\s+\*\s+::\/0\s+::\/0[[:space:]]+[0-9]+\s+[0-9]+\s+DROP\s+all\s+\*\s+\*\s+::1\s+::\/0"
+{{% if product in ['ubuntu2404'] %}}
+regex_input="\s+[0-9]+\s+[0-9]+\s+ACCEPT\s+[0-9]+\s+--\s+lo\s+\*\s+::\/0\s+::\/0[[:space:]]+[0-9]+\s+[0-9]+\s+DROP\s+[0-9]+\s+--\s+\*\s+\*\s+::1\s+::\/0"
+regex_output="\s[0-9]+\s+[0-9]+\s+ACCEPT\s+[0-9]+\s+--\s+\*\s+lo\s+::\/0\s+::\/0"
+{{% else %}}
+regex_input="\s+[0-9]+\s+[0-9]+\s+ACCEPT\s+all\s+lo\s+\*\s+::\/0\s+::\/0[[:space:]]+[0-9]+\s+[0-9]+\s+DROP\s+all\s+\*\s+\*\s+::1\s+::\/0"
+regex_output="\s[0-9]+\s+[0-9]+\s+ACCEPT\s+all\s+\*\s+lo\s+::\/0\s+::\/0"
+{{% endif %}}
 # Check chain INPUT for loopback related rules
-if ! ip6tables -L INPUT -v -n -x | grep -Ezq "$regex" ; then
+if ! ip6tables -L INPUT -v -n -x | grep -Ezq "$regex_input" ; then
 exit "$XCCDF_RESULT_FAIL"
 fi
 # Check chain OUTPUT for loopback related rules
-if ! ip6tables -L OUTPUT -v -n -x | grep -Eq "\s[0-9]+\s+[0-9]+\s+ACCEPT\s+all\s+\*\s+lo\s+::\/0\s+::\/0" ; then
+if ! ip6tables -L OUTPUT -v -n -x | grep -Eq "$regex_output"; then
 exit "$XCCDF_RESULT_FAIL"
 fi
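Review bot: The `{{% if product in ['ubuntu2404'] %}}` branch keys the regex on the product name, but the commit message attributes the difference to ip6tables' output format (protocol printed as a number followed by a `--` opt column instead of `all`), so any later Ubuntu release shipping the same ip6tables would likely take the `{{% else %}}` patterns and fail the check until it is added to the list. A single pair of patterns accepting both layouts removes the template branch entirely: `regex_input="\s+[0-9]+\s+[0-9]+\s+ACCEPT\s+(all|[0-9]+\s+--)\s+lo\s+\*\s+::\/0\s+::\/0[[:space:]]+[0-9]+\s+[0-9]+\s+DROP\s+(all|[0-9]+\s+--)\s+\*\s+\*\s+::1\s+::\/0"` and `regex_output="\s[0-9]+\s+[0-9]+\s+ACCEPT\s+(all|[0-9]+\s+--)\s+\*\s+lo\s+::\/0\s+::\/0"` (grouping is valid ERE under `grep -E`; this assumes the 22.04 output really omits the opt column, as the sample in the commit message shows). Whichever form stays, the script itself should carry the reason, e.g. `# newer ip6tables (ubuntu2404) prints the protocol as a number followed by the "--" opt column instead of "all"` above the assignments, since the commit message is currently the only place that explains the two layouts. The `if` whose `exit "$XCCDF_RESULT_PASS"` and `fi` open the hunk starts outside it.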