pool/firewalld
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Restore package to Factory version

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=81
This commit is contained in:
Markos Chandras 2018-09-04 07:50:48 +00:00 committed by Git OBS Bridge
parent 4870327e98
commit 5b572a40ef
3 changed files with 63 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
0001-firewall-backend-Switch-default-backend-to-iptables.patch Normal file
View File

@ -0,0 +1,59 @@
From dbbf60a4bb0c7edc83cd8bae2177d96842ad9034 Mon Sep 17 00:00:00 2001
From: Markos Chandras <mchandras@suse.de>
Date: Mon, 13 Aug 2018 22:31:04 +0300
Subject: [PATCH] firewall: backend: Switch default backend to 'iptables'
Switch default backend to 'iptables'. Some packages (eg docker)
are not able to work well with nftables right now, so lets stick
with iptables as default backend.
Link: https://bugzilla.suse.com/show_bug.cgi?id=1102761
Signed-off-by: Markos Chandras <mchandras@suse.de>
---
config/firewalld.conf | 6 +++---
doc/xml/firewalld.conf.xml | 4 ++--
src/firewall/config/__init__.py.in | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/config/firewalld.conf b/config/firewalld.conf
index b53c0aa5..e6afde19 100644
--- a/config/firewalld.conf
+++ b/config/firewalld.conf
@@ -59,6 +59,6 @@ AutomaticHelpers=system
# FirewallBackend
# Selects the firewall backend implementation.
# Choices are:
-# - nftables (default)
-# - iptables (iptables, ip6tables, ebtables and ipset)
-FirewallBackend=nftables
+# - nftables
+# - iptables (default)
+FirewallBackend=iptables
diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml
index df4b9521..fee0d3ca 100644
--- a/doc/xml/firewalld.conf.xml
+++ b/doc/xml/firewalld.conf.xml
@@ -149,8 +149,8 @@
<listitem>
<para>
Selects the firewall backend implementation. Possible values
- are; <replaceable>nftables</replaceable> (default), or
- <replaceable>iptables</replaceable>. This applies to all
+ are; <replaceable>nftables</replaceable>, or
+ <replaceable>iptables</replaceable> (default). This applies to all
firewalld primitives. The only exception is direct and
passthrough rules which always use the traditional iptables,
ip6tables, and ebtables backends.
diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in
index 955be320..cff7c3fe 100644
--- a/src/firewall/config/__init__.py.in
+++ b/src/firewall/config/__init__.py.in
@@ -129,4 +129,4 @@ FALLBACK_IPV6_RPFILTER = True
FALLBACK_INDIVIDUAL_CALLS = False
FALLBACK_LOG_DENIED = "off"
FALLBACK_AUTOMATIC_HELPERS = "system"
-FALLBACK_FIREWALL_BACKEND = "nftables"
+FALLBACK_FIREWALL_BACKEND = "iptables"
--
2.16.4

7
firewalld.changes
View File

@ -7,13 +7,6 @@ Sun Sep 2 03:50:37 UTC 2018 - luc14n0@linuxmail.org
crashes. Patch provided by upstream (boo#1106319, crashes. Patch provided by upstream (boo#1106319,
gh#firewalld/firewalld#370). gh#firewalld/firewalld#370).
-------------------------------------------------------------------
Wed Aug 15 13:08:39 UTC 2018 - mchandras@suse.de
- Restore nftables as default backend (bsc#1102761). nftables and
iptables can co-exist but the 'nat' table had a bug which was fixed
in kernel-4.18.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Aug 10 06:23:35 UTC 2018 - mchandras@suse.de Fri Aug 10 06:23:35 UTC 2018 - mchandras@suse.de

5
firewalld.spec
View File

@ -28,8 +28,10 @@ License: GPL-2.0-or-later
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Url: http://www.firewalld.org Url: http://www.firewalld.org
Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
# PATCH-FIX-SUSE: 0001-firewall-backend-Switch-default-backend-to-iptables.patch (bsc#1102761)
Patch0: 0001-firewall-backend-Switch-default-backend-to-iptables.patch
# PATCH-FIX-UPSTREAM firewalld-fix-firewalld-config-crash.patch luc14n0@linuxmail.org -- fix firewall-config crash when nm_get_zone_of_connection returns "False" # PATCH-FIX-UPSTREAM firewalld-fix-firewalld-config-crash.patch luc14n0@linuxmail.org -- fix firewall-config crash when nm_get_zone_of_connection returns "False"
Patch0: firewalld-fix-firewalld-config-crash.patch Patch1: firewalld-fix-firewalld-config-crash.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: desktop-file-utils BuildRequires: desktop-file-utils
@ -113,6 +115,7 @@ firewalld.
%prep %prep
%setup -q %setup -q
%patch0 -p1 %patch0 -p1
%patch1 -p1
# bsc#1078223 # bsc#1078223
rm config/services/high-availability.xml rm config/services/high-availability.xml