firewalld/0001-firewall-backend-Switch-default-backend-to-iptables.patch

diff -burNE firewalld-0.7.4_orig/config/firewalld.conf firewalld-0.7.4/config/firewalld.conf
--- firewalld-0.7.4_orig/config/firewalld.conf	2020-04-03 09:45:04.363964087 +0200
+++ firewalld-0.7.4/config/firewalld.conf	2020-04-03 09:45:21.495215479 +0200
@@ -53,9 +53,9 @@
 # FirewallBackend
 # Selects the firewall backend implementation.
 # Choices are:
-#	- nftables (default)
-#	- iptables (iptables, ip6tables, ebtables and ipset)
-FirewallBackend=nftables
+#	- nftables
+#	- iptables (iptables, ip6tables, ebtables and ipset) (default)
+FirewallBackend=iptables
 
 # FlushAllOnReload
 # Flush all runtime rules on a reload. In previous releases some runtime
diff -burNE firewalld-0.7.4_orig/doc/xml/firewalld.conf.xml firewalld-0.7.4/doc/xml/firewalld.conf.xml
--- firewalld-0.7.4_orig/doc/xml/firewalld.conf.xml	2020-04-03 09:45:05.071933150 +0200
+++ firewalld-0.7.4/doc/xml/firewalld.conf.xml	2020-04-03 09:45:21.499215305 +0200
@@ -149,8 +149,8 @@
             <listitem>
                 <para>
                 Selects the firewall backend implementation. Possible values
-                are; <replaceable>nftables</replaceable> (default), or
-                <replaceable>iptables</replaceable>. This applies to all
+                are; <replaceable>nftables</replaceable>, or
+                <replaceable>iptables</replaceable> (default). This applies to all
                 firewalld primitives. The only exception is direct and
                 passthrough rules which always use the traditional iptables,
                 ip6tables, and ebtables backends.
diff -burNE firewalld-0.7.4_orig/src/firewall/config/__init__.py.in firewalld-0.7.4/src/firewall/config/__init__.py.in
--- firewalld-0.7.4_orig/src/firewall/config/__init__.py.in	2020-04-03 09:45:05.367920215 +0200
+++ firewalld-0.7.4/src/firewall/config/__init__.py.in	2020-04-03 09:45:21.503215130 +0200
@@ -128,7 +128,7 @@
 FALLBACK_INDIVIDUAL_CALLS = False
 FALLBACK_LOG_DENIED = "off"
 FALLBACK_AUTOMATIC_HELPERS = "system"
-FALLBACK_FIREWALL_BACKEND = "nftables"
+FALLBACK_FIREWALL_BACKEND = "iptables"
 FALLBACK_FLUSH_ALL_ON_RELOAD = True
 FALLBACK_RFC3964_IPV4 = True
 FALLBACK_ALLOW_ZONE_DRIFTING = False
Accepting request 791189 from home:lemmy04:branches:security:netfilter - Update to 0.7.4 This is a bug fix only release. However, it does reintroduce the zone drifting bug as a feature. See #258 and #441. This behavior is disabled by default. * improvement: build: add an option to disable building documentation * Typo in firewall-config(1) * Fix typo in TFTP service description * doc: README: add note about language translations * fix: rich: source/dest only matching with mark action * feat: AllowZoneDrifting config option * feat: nftables: support AllowZoneDrifting=yes * feat: ipXtables: support AllowZoneDrifting=yes * fix: firewall-offline-cmd: Don't print warning about AllowZoneDrifting * fix: add logrotate policy * fix: tests: regenerate testsuite if .../{cli,python}/.at changes doc: direct: add CAVEATS section * fix: checkIP6: strip leading/trailing square brackets * fix: nftables: remove square brackets from IPv6 addresses * fix: ipXtables: remove square brackets from IPv6 addresses * fix: nftables: zone dispatch with multidimensional ipsets * fix: ipset: destroy runtime sets on reload/stop * fix: port: support querying sub ranges * fix: source_port: support querying sub ranges * doc: specify accepted characters for object names * fix: doc: address copy/paste mistakes in short/description * fix: configure: atlocal: quote variable values * fix: nftables: allow set intervals with concatenations * doc: clarify --set-target values "default" vs "reject" OBS-URL: https://build.opensuse.org/request/show/791189 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=101 2020-04-03 14:30:54 +02:00			`diff -burNE firewalld-0.7.4_orig/config/firewalld.conf firewalld-0.7.4/config/firewalld.conf`
			`--- firewalld-0.7.4_orig/config/firewalld.conf 2020-04-03 09:45:04.363964087 +0200`
			`+++ firewalld-0.7.4/config/firewalld.conf 2020-04-03 09:45:21.495215479 +0200`
Accepting request 736856 from home:lemmy04:branches:security:netfilter - rebased the original patch from revision 19 - apply patch only on openSUSE < TW, and SLES. - Added a patch to make iptables the default again on openSUSE - Update to version 0.7.2: This is a bug fix only release. * fix: direct: removeRules() was mistakenly removing all rules * fix: guarantee zone source dispatch is sorted by zone name * fix: nftables: fix zone dispatch using ipset sources in nat chains * doc: add --default-config and --system-config * fix: --add-masquerade should only affect ipv4 * fix: nftables: --forward-ports should only affect IPv4 * fix: direct: removeRules() not removing all rules in chain * dbus: service: fix service includes individual APIs * fix: allow custom helpers using standard helper modules * fix: service: usage of helpers with '-' in name * fix: Revert "ebtables: drop support for broute table" * fix: ebtables: don't use tables that aren't available * fix: fw: initialize _rfc3964_ipv4 OBS-URL: https://build.opensuse.org/request/show/736856 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=96 2019-10-10 15:08:15 +02:00			`@@ -53,9 +53,9 @@`
			`# FirewallBackend`
			`# Selects the firewall backend implementation.`
			`# Choices are:`
			`-# - nftables (default)`
			`-# - iptables (iptables, ip6tables, ebtables and ipset)`
			`-FirewallBackend=nftables`
			`+# - nftables`
			`+# - iptables (iptables, ip6tables, ebtables and ipset) (default)`
			`+FirewallBackend=iptables`

			`# FlushAllOnReload`
			`# Flush all runtime rules on a reload. In previous releases some runtime`
Accepting request 791189 from home:lemmy04:branches:security:netfilter - Update to 0.7.4 This is a bug fix only release. However, it does reintroduce the zone drifting bug as a feature. See #258 and #441. This behavior is disabled by default. * improvement: build: add an option to disable building documentation * Typo in firewall-config(1) * Fix typo in TFTP service description * doc: README: add note about language translations * fix: rich: source/dest only matching with mark action * feat: AllowZoneDrifting config option * feat: nftables: support AllowZoneDrifting=yes * feat: ipXtables: support AllowZoneDrifting=yes * fix: firewall-offline-cmd: Don't print warning about AllowZoneDrifting * fix: add logrotate policy * fix: tests: regenerate testsuite if .../{cli,python}/.at changes doc: direct: add CAVEATS section * fix: checkIP6: strip leading/trailing square brackets * fix: nftables: remove square brackets from IPv6 addresses * fix: ipXtables: remove square brackets from IPv6 addresses * fix: nftables: zone dispatch with multidimensional ipsets * fix: ipset: destroy runtime sets on reload/stop * fix: port: support querying sub ranges * fix: source_port: support querying sub ranges * doc: specify accepted characters for object names * fix: doc: address copy/paste mistakes in short/description * fix: configure: atlocal: quote variable values * fix: nftables: allow set intervals with concatenations * doc: clarify --set-target values "default" vs "reject" OBS-URL: https://build.opensuse.org/request/show/791189 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=101 2020-04-03 14:30:54 +02:00			`diff -burNE firewalld-0.7.4_orig/doc/xml/firewalld.conf.xml firewalld-0.7.4/doc/xml/firewalld.conf.xml`
			`--- firewalld-0.7.4_orig/doc/xml/firewalld.conf.xml 2020-04-03 09:45:05.071933150 +0200`
			`+++ firewalld-0.7.4/doc/xml/firewalld.conf.xml 2020-04-03 09:45:21.499215305 +0200`
Accepting request 736856 from home:lemmy04:branches:security:netfilter - rebased the original patch from revision 19 - apply patch only on openSUSE < TW, and SLES. - Added a patch to make iptables the default again on openSUSE - Update to version 0.7.2: This is a bug fix only release. * fix: direct: removeRules() was mistakenly removing all rules * fix: guarantee zone source dispatch is sorted by zone name * fix: nftables: fix zone dispatch using ipset sources in nat chains * doc: add --default-config and --system-config * fix: --add-masquerade should only affect ipv4 * fix: nftables: --forward-ports should only affect IPv4 * fix: direct: removeRules() not removing all rules in chain * dbus: service: fix service includes individual APIs * fix: allow custom helpers using standard helper modules * fix: service: usage of helpers with '-' in name * fix: Revert "ebtables: drop support for broute table" * fix: ebtables: don't use tables that aren't available * fix: fw: initialize _rfc3964_ipv4 OBS-URL: https://build.opensuse.org/request/show/736856 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=96 2019-10-10 15:08:15 +02:00			`@@ -149,8 +149,8 @@`
			`<listitem>`
			`<para>`
			`Selects the firewall backend implementation. Possible values`
			`- are; <replaceable>nftables</replaceable> (default), or`
			`- <replaceable>iptables</replaceable>. This applies to all`
			`+ are; <replaceable>nftables</replaceable>, or`
			`+ <replaceable>iptables</replaceable> (default). This applies to all`
			`firewalld primitives. The only exception is direct and`
			`passthrough rules which always use the traditional iptables,`
			`ip6tables, and ebtables backends.`
Accepting request 791189 from home:lemmy04:branches:security:netfilter - Update to 0.7.4 This is a bug fix only release. However, it does reintroduce the zone drifting bug as a feature. See #258 and #441. This behavior is disabled by default. * improvement: build: add an option to disable building documentation * Typo in firewall-config(1) * Fix typo in TFTP service description * doc: README: add note about language translations * fix: rich: source/dest only matching with mark action * feat: AllowZoneDrifting config option * feat: nftables: support AllowZoneDrifting=yes * feat: ipXtables: support AllowZoneDrifting=yes * fix: firewall-offline-cmd: Don't print warning about AllowZoneDrifting * fix: add logrotate policy * fix: tests: regenerate testsuite if .../{cli,python}/.at changes doc: direct: add CAVEATS section * fix: checkIP6: strip leading/trailing square brackets * fix: nftables: remove square brackets from IPv6 addresses * fix: ipXtables: remove square brackets from IPv6 addresses * fix: nftables: zone dispatch with multidimensional ipsets * fix: ipset: destroy runtime sets on reload/stop * fix: port: support querying sub ranges * fix: source_port: support querying sub ranges * doc: specify accepted characters for object names * fix: doc: address copy/paste mistakes in short/description * fix: configure: atlocal: quote variable values * fix: nftables: allow set intervals with concatenations * doc: clarify --set-target values "default" vs "reject" OBS-URL: https://build.opensuse.org/request/show/791189 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=101 2020-04-03 14:30:54 +02:00			`diff -burNE firewalld-0.7.4_orig/src/firewall/config/__init__.py.in firewalld-0.7.4/src/firewall/config/__init__.py.in`
			`--- firewalld-0.7.4_orig/src/firewall/config/__init__.py.in 2020-04-03 09:45:05.367920215 +0200`
			`+++ firewalld-0.7.4/src/firewall/config/__init__.py.in 2020-04-03 09:45:21.503215130 +0200`
			`@@ -128,7 +128,7 @@`
Accepting request 736856 from home:lemmy04:branches:security:netfilter - rebased the original patch from revision 19 - apply patch only on openSUSE < TW, and SLES. - Added a patch to make iptables the default again on openSUSE - Update to version 0.7.2: This is a bug fix only release. * fix: direct: removeRules() was mistakenly removing all rules * fix: guarantee zone source dispatch is sorted by zone name * fix: nftables: fix zone dispatch using ipset sources in nat chains * doc: add --default-config and --system-config * fix: --add-masquerade should only affect ipv4 * fix: nftables: --forward-ports should only affect IPv4 * fix: direct: removeRules() not removing all rules in chain * dbus: service: fix service includes individual APIs * fix: allow custom helpers using standard helper modules * fix: service: usage of helpers with '-' in name * fix: Revert "ebtables: drop support for broute table" * fix: ebtables: don't use tables that aren't available * fix: fw: initialize _rfc3964_ipv4 OBS-URL: https://build.opensuse.org/request/show/736856 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=96 2019-10-10 15:08:15 +02:00			`FALLBACK_INDIVIDUAL_CALLS = False`
			`FALLBACK_LOG_DENIED = "off"`
			`FALLBACK_AUTOMATIC_HELPERS = "system"`
			`-FALLBACK_FIREWALL_BACKEND = "nftables"`
			`+FALLBACK_FIREWALL_BACKEND = "iptables"`
			`FALLBACK_FLUSH_ALL_ON_RELOAD = True`
			`FALLBACK_RFC3964_IPV4 = True`
Accepting request 791189 from home:lemmy04:branches:security:netfilter - Update to 0.7.4 This is a bug fix only release. However, it does reintroduce the zone drifting bug as a feature. See #258 and #441. This behavior is disabled by default. * improvement: build: add an option to disable building documentation * Typo in firewall-config(1) * Fix typo in TFTP service description * doc: README: add note about language translations * fix: rich: source/dest only matching with mark action * feat: AllowZoneDrifting config option * feat: nftables: support AllowZoneDrifting=yes * feat: ipXtables: support AllowZoneDrifting=yes * fix: firewall-offline-cmd: Don't print warning about AllowZoneDrifting * fix: add logrotate policy * fix: tests: regenerate testsuite if .../{cli,python}/.at changes doc: direct: add CAVEATS section * fix: checkIP6: strip leading/trailing square brackets * fix: nftables: remove square brackets from IPv6 addresses * fix: ipXtables: remove square brackets from IPv6 addresses * fix: nftables: zone dispatch with multidimensional ipsets * fix: ipset: destroy runtime sets on reload/stop * fix: port: support querying sub ranges * fix: source_port: support querying sub ranges * doc: specify accepted characters for object names * fix: doc: address copy/paste mistakes in short/description * fix: configure: atlocal: quote variable values * fix: nftables: allow set intervals with concatenations * doc: clarify --set-target values "default" vs "reject" OBS-URL: https://build.opensuse.org/request/show/791189 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=101 2020-04-03 14:30:54 +02:00			`FALLBACK_ALLOW_ZONE_DRIFTING = False`