firewalld/0001-firewall-backend-Switch-default-backend-to-iptables.patch

diff -burNE firewalld-0.7.2_orig/config/firewalld.conf firewalld-0.7.2/config/firewalld.conf
--- firewalld-0.7.2_orig/config/firewalld.conf	2019-10-10 14:29:04.022394133 +0200
+++ firewalld-0.7.2/config/firewalld.conf	2019-10-10 14:30:12.102256167 +0200
@@ -53,9 +53,9 @@
 # FirewallBackend
 # Selects the firewall backend implementation.
 # Choices are:
-#	- nftables (default)
-#	- iptables (iptables, ip6tables, ebtables and ipset)
-FirewallBackend=nftables
+#	- nftables
+#	- iptables (iptables, ip6tables, ebtables and ipset) (default)
+FirewallBackend=iptables
 
 # FlushAllOnReload
 # Flush all runtime rules on a reload. In previous releases some runtime
diff -burNE firewalld-0.7.2_orig/doc/xml/firewalld.conf.xml firewalld-0.7.2/doc/xml/firewalld.conf.xml
--- firewalld-0.7.2_orig/doc/xml/firewalld.conf.xml	2019-10-10 14:29:04.026394125 +0200
+++ firewalld-0.7.2/doc/xml/firewalld.conf.xml	2019-10-10 14:29:19.766362228 +0200
@@ -149,8 +149,8 @@
             <listitem>
                 <para>
                 Selects the firewall backend implementation. Possible values
-                are; <replaceable>nftables</replaceable> (default), or
-                <replaceable>iptables</replaceable>. This applies to all
+                are; <replaceable>nftables</replaceable>, or
+                <replaceable>iptables</replaceable> (default). This applies to all
                 firewalld primitives. The only exception is direct and
                 passthrough rules which always use the traditional iptables,
                 ip6tables, and ebtables backends.
diff -burNE firewalld-0.7.2_orig/src/firewall/config/__init__.py.in firewalld-0.7.2/src/firewall/config/__init__.py.in
--- firewalld-0.7.2_orig/src/firewall/config/__init__.py.in	2019-10-10 14:29:04.030394117 +0200
+++ firewalld-0.7.2/src/firewall/config/__init__.py.in	2019-10-10 14:31:06.522145883 +0200
@@ -129,6 +129,6 @@
 FALLBACK_INDIVIDUAL_CALLS = False
 FALLBACK_LOG_DENIED = "off"
 FALLBACK_AUTOMATIC_HELPERS = "system"
-FALLBACK_FIREWALL_BACKEND = "nftables"
+FALLBACK_FIREWALL_BACKEND = "iptables"
 FALLBACK_FLUSH_ALL_ON_RELOAD = True
 FALLBACK_RFC3964_IPV4 = True
Accepting request 736856 from home:lemmy04:branches:security:netfilter - rebased the original patch from revision 19 - apply patch only on openSUSE < TW, and SLES. - Added a patch to make iptables the default again on openSUSE - Update to version 0.7.2: This is a bug fix only release. * fix: direct: removeRules() was mistakenly removing all rules * fix: guarantee zone source dispatch is sorted by zone name * fix: nftables: fix zone dispatch using ipset sources in nat chains * doc: add --default-config and --system-config * fix: --add-masquerade should only affect ipv4 * fix: nftables: --forward-ports should only affect IPv4 * fix: direct: removeRules() not removing all rules in chain * dbus: service: fix service includes individual APIs * fix: allow custom helpers using standard helper modules * fix: service: usage of helpers with '-' in name * fix: Revert "ebtables: drop support for broute table" * fix: ebtables: don't use tables that aren't available * fix: fw: initialize _rfc3964_ipv4 OBS-URL: https://build.opensuse.org/request/show/736856 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=96 2019-10-10 15:08:15 +02:00			`diff -burNE firewalld-0.7.2_orig/config/firewalld.conf firewalld-0.7.2/config/firewalld.conf`
			`--- firewalld-0.7.2_orig/config/firewalld.conf 2019-10-10 14:29:04.022394133 +0200`
			`+++ firewalld-0.7.2/config/firewalld.conf 2019-10-10 14:30:12.102256167 +0200`
			`@@ -53,9 +53,9 @@`
			`# FirewallBackend`
			`# Selects the firewall backend implementation.`
			`# Choices are:`
			`-# - nftables (default)`
			`-# - iptables (iptables, ip6tables, ebtables and ipset)`
			`-FirewallBackend=nftables`
			`+# - nftables`
			`+# - iptables (iptables, ip6tables, ebtables and ipset) (default)`
			`+FirewallBackend=iptables`

			`# FlushAllOnReload`
			`# Flush all runtime rules on a reload. In previous releases some runtime`
			`diff -burNE firewalld-0.7.2_orig/doc/xml/firewalld.conf.xml firewalld-0.7.2/doc/xml/firewalld.conf.xml`
			`--- firewalld-0.7.2_orig/doc/xml/firewalld.conf.xml 2019-10-10 14:29:04.026394125 +0200`
			`+++ firewalld-0.7.2/doc/xml/firewalld.conf.xml 2019-10-10 14:29:19.766362228 +0200`
			`@@ -149,8 +149,8 @@`
			`<listitem>`
			`<para>`
			`Selects the firewall backend implementation. Possible values`
			`- are; <replaceable>nftables</replaceable> (default), or`
			`- <replaceable>iptables</replaceable>. This applies to all`
			`+ are; <replaceable>nftables</replaceable>, or`
			`+ <replaceable>iptables</replaceable> (default). This applies to all`
			`firewalld primitives. The only exception is direct and`
			`passthrough rules which always use the traditional iptables,`
			`ip6tables, and ebtables backends.`
			`diff -burNE firewalld-0.7.2_orig/src/firewall/config/__init__.py.in firewalld-0.7.2/src/firewall/config/__init__.py.in`
			`--- firewalld-0.7.2_orig/src/firewall/config/__init__.py.in 2019-10-10 14:29:04.030394117 +0200`
			`+++ firewalld-0.7.2/src/firewall/config/__init__.py.in 2019-10-10 14:31:06.522145883 +0200`
			`@@ -129,6 +129,6 @@`
			`FALLBACK_INDIVIDUAL_CALLS = False`
			`FALLBACK_LOG_DENIED = "off"`
			`FALLBACK_AUTOMATIC_HELPERS = "system"`
			`-FALLBACK_FIREWALL_BACKEND = "nftables"`
			`+FALLBACK_FIREWALL_BACKEND = "iptables"`
			`FALLBACK_FLUSH_ALL_ON_RELOAD = True`
			`FALLBACK_RFC3964_IPV4 = True`