From 5b572a40ef2f34d6dbf7215f84c348305644597f93bd8a5bb5eab77bc4f1121d Mon Sep 17 00:00:00 2001
From: Markos Chandras
Date: Tue, 4 Sep 2018 07:50:48 +0000
Subject: [PATCH] Restore package to Factory version

OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=81
---
 ...d-Switch-default-backend-to-iptables.patch | 59 +++++++++++++++++++
 firewalld.changes | 7 ---
 firewalld.spec | 5 +-
 3 files changed, 63 insertions(+), 8 deletions(-)
 create mode 100644 0001-firewall-backend-Switch-default-backend-to-iptables.patch

diff --git a/0001-firewall-backend-Switch-default-backend-to-iptables.patch b/0001-firewall-backend-Switch-default-backend-to-iptables.patch
new file mode 100644
index 0000000..de11a7f
--- /dev/null
+++ b/0001-firewall-backend-Switch-default-backend-to-iptables.patch
@@ -0,0 +1,59 @@
+From dbbf60a4bb0c7edc83cd8bae2177d96842ad9034 Mon Sep 17 00:00:00 2001
+From: Markos Chandras
+Date: Mon, 13 Aug 2018 22:31:04 +0300
+Subject: [PATCH] firewall: backend: Switch default backend to 'iptables'
+
+Switch default backend to 'iptables'. Some packages (eg docker)
+are not able to work well with nftables right now, so lets stick
+with iptables as default backend.
+
+Link: https://bugzilla.suse.com/show_bug.cgi?id=1102761
+Signed-off-by: Markos Chandras
+---
+ config/firewalld.conf | 6 +++---
+ doc/xml/firewalld.conf.xml | 4 ++--
+ src/firewall/config/__init__.py.in | 2 +-
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/config/firewalld.conf b/config/firewalld.conf
+index b53c0aa5..e6afde19 100644
+--- a/config/firewalld.conf
++++ b/config/firewalld.conf
+@@ -59,6 +59,6 @@ AutomaticHelpers=system
+ # FirewallBackend
+ # Selects the firewall backend implementation.
+ # Choices are:
+-# - nftables (default)
+-# - iptables (iptables, ip6tables, ebtables and ipset)
+-FirewallBackend=nftables
++# - nftables
++# - iptables (default)
++FirewallBackend=iptables
+diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml
+index df4b9521..fee0d3ca 100644
+--- a/doc/xml/firewalld.conf.xml
++++ b/doc/xml/firewalld.conf.xml
+@@ -149,8 +149,8 @@
+
+
+ Selects the firewall backend implementation. Possible values
+- are; nftables (default), or
+- iptables. This applies to all
++ are; nftables, or
++ iptables (default). This applies to all
+ firewalld primitives. The only exception is direct and
+ passthrough rules which always use the traditional iptables,
+ ip6tables, and ebtables backends.
+diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in
+index 955be320..cff7c3fe 100644
+--- a/src/firewall/config/__init__.py.in
++++ b/src/firewall/config/__init__.py.in
+@@ -129,4 +129,4 @@ FALLBACK_IPV6_RPFILTER = True
+ FALLBACK_INDIVIDUAL_CALLS = False
+ FALLBACK_LOG_DENIED = "off"
+ FALLBACK_AUTOMATIC_HELPERS = "system"
+-FALLBACK_FIREWALL_BACKEND = "nftables"
++FALLBACK_FIREWALL_BACKEND = "iptables"
+--
+2.16.4
+
diff --git a/firewalld.changes b/firewalld.changes
index 52edd0c..783e4f0 100644
--- a/firewalld.changes
+++ b/firewalld.changes
@@ -7,13 +7,6 @@ Sun Sep 2 03:50:37 UTC 2018 - luc14n0@linuxmail.org
 crashes. Patch provided by upstream (boo#1106319, gh#firewalld/firewalld#370).
--------------------------------------------------------------------
-Wed Aug 15 13:08:39 UTC 2018 - mchandras@suse.de
-
-- Restore nftables as default backend (bsc#1102761). nftables and
- iptables can co-exist but the 'nat' table had a bug which was fixed
- in kernel-4.18.
-
 -------------------------------------------------------------------
 Fri Aug 10 06:23:35 UTC 2018 - mchandras@suse.de
diff --git a/firewalld.spec b/firewalld.spec
index 637ea60..a053d4b 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -28,8 +28,10 @@ License: GPL-2.0-or-later
 Group: Productivity/Networking/Security
 Url: http://www.firewalld.org
 Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+# PATCH-FIX-SUSE: 0001-firewall-backend-Switch-default-backend-to-iptables.patch (bsc#1102761)
+Patch0: 0001-firewall-backend-Switch-default-backend-to-iptables.patch
 # PATCH-FIX-UPSTREAM firewalld-fix-firewalld-config-crash.patch luc14n0@linuxmail.org -- fix firewall-config crash when nm_get_zone_of_connection returns "False"
-Patch0: firewalld-fix-firewalld-config-crash.patch
+Patch1: firewalld-fix-firewalld-config-crash.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: desktop-file-utils
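Review bot: The rewritten comment in the `config/firewalld.conf` part of the embedded patch drops the explanation of what the iptables backend covers, and the shipped config carries no hint of why the packaged default is iptables. The choice line could stay informative as `# - iptables (default; iptables, ip6tables, ebtables and ipset)`, with a one-line comment above `FirewallBackend=iptables` that points at bsc#1102761 so an administrator auditing the host can see the choice is deliberate. The same patch sets `FALLBACK_FIREWALL_BACKEND = "iptables"`, so a configuration without a `FirewallBackend` key would presumably select iptables too. After the update it is worth confirming on each host which backend is actually active, since the setting decides which rule set enforces the policy.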
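Review bot: The tag comment added above `Patch0:` in `firewalld.spec` does not follow the form of the existing `PATCH-FIX-UPSTREAM` line directly below it: it puts a colon after the tag and gives neither an author nor a description. Writing it as `# PATCH-FIX-SUSE 0001-firewall-backend-Switch-default-backend-to-iptables.patch bsc#1102761 mchandras@suse.de -- keep iptables as the default backend while docker does not work well with nftables` keeps both entries consistent. It also records in the spec itself why a downstream-only change to the firewall default is carried, which helps whoever later decides when the patch can be dropped.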
@@ -113,6 +115,7 @@ firewalld.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 # bsc#1078223
 rm config/services/high-availability.xml