diff --git a/0001-firewall-backend-Switch-default-backend-to-iptables.patch b/0001-firewall-backend-Switch-default-backend-to-iptables.patch
new file mode 100644
index 0000000..de11a7f
--- /dev/null
+++ b/0001-firewall-backend-Switch-default-backend-to-iptables.patch
@@ -0,0 +1,59 @@
+From dbbf60a4bb0c7edc83cd8bae2177d96842ad9034 Mon Sep 17 00:00:00 2001
+From: Markos Chandras
+Date: Mon, 13 Aug 2018 22:31:04 +0300
+Subject: [PATCH] firewall: backend: Switch default backend to 'iptables'
+
+Switch default backend to 'iptables'. Some packages (eg docker)
+are not able to work well with nftables right now, so lets stick
+with iptables as default backend.
+
+Link: https://bugzilla.suse.com/show_bug.cgi?id=1102761
+Signed-off-by: Markos Chandras
+---
+ config/firewalld.conf | 6 +++---
+ doc/xml/firewalld.conf.xml | 4 ++--
+ src/firewall/config/__init__.py.in | 2 +-
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/config/firewalld.conf b/config/firewalld.conf
+index b53c0aa5..e6afde19 100644
+--- a/config/firewalld.conf
++++ b/config/firewalld.conf
+@@ -59,6 +59,6 @@ AutomaticHelpers=system
+ # FirewallBackend
+ # Selects the firewall backend implementation.
+ # Choices are:
+-# - nftables (default)
+-# - iptables (iptables, ip6tables, ebtables and ipset)
+-FirewallBackend=nftables
++# - nftables
++# - iptables (default)
++FirewallBackend=iptables
+diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml
+index df4b9521..fee0d3ca 100644
+--- a/doc/xml/firewalld.conf.xml
++++ b/doc/xml/firewalld.conf.xml
+@@ -149,8 +149,8 @@
+
+
+ Selects the firewall backend implementation. Possible values
+- are; nftables (default), or
+- iptables. This applies to all
++ are; nftables, or
++ iptables (default). This applies to all
+ firewalld primitives. The only exception is direct and
+ passthrough rules which always use the traditional iptables,
+ ip6tables, and ebtables backends.
+diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in
+index 955be320..cff7c3fe 100644
+--- a/src/firewall/config/__init__.py.in
++++ b/src/firewall/config/__init__.py.in
+@@ -129,4 +129,4 @@ FALLBACK_IPV6_RPFILTER = True
+ FALLBACK_INDIVIDUAL_CALLS = False
+ FALLBACK_LOG_DENIED = "off"
+ FALLBACK_AUTOMATIC_HELPERS = "system"
+-FALLBACK_FIREWALL_BACKEND = "nftables"
++FALLBACK_FIREWALL_BACKEND = "iptables"
+--
+2.16.4
+
diff --git a/firewalld.changes b/firewalld.changes
index ec208aa..9a2c69a 100644
--- a/firewalld.changes
+++ b/firewalld.changes
@@ -4,6 +4,7 @@ Mon Aug 13 19:08:39 UTC 2018 - mchandras@suse.de - Also switch firewall backend fallback to 'iptables' (bsc#1102761) This ensures that existing configuration files will keep working even if FirewallBackend option is missing. + * 0001-firewall-backend-Switch-default-backend-to-iptables.patch ------------------------------------------------------------------- Fri Aug 10 06:23:35 UTC 2018 - mchandras@suse.de
diff --git a/firewalld.spec b/firewalld.spec
index 04f8320..be38768 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -28,6 +28,8 @@ License: GPL-2.0-or-later
 Group: Productivity/Networking/Security
 Url: http://www.firewalld.org
 Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+# PATCH-FIX-SUSE: 0001-firewall-backend-Switch-default-backend-to-iptables.patch (bsc#1102761)
+Patch0: 0001-firewall-backend-Switch-default-backend-to-iptables.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: desktop-file-utils
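Review bot: The rewritten choices comment in config/firewalld.conf drops the parenthetical that named the tools the iptables backend drives, at the very point where that backend becomes the default. It can be kept alongside the new marker: `# - iptables (default; iptables, ip6tables, ebtables and ipset)`. The one-line change to `FALLBACK_FIREWALL_BACKEND` in src/firewall/config/__init__.py.in would also benefit from a comment recording why the packaged default was flipped, for example `# packaged default, see bsc#1102761 (docker does not yet work well with nftables)`, so the override gets revisited once that bug is resolved.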
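Review bot: With `Patch0` making iptables the default backend, the package's runtime dependencies should cover the tools that backend calls; the comment removed from config/firewalld.conf lists them as iptables, ip6tables, ebtables and ipset. The `Requires:` lines are outside this hunk, so whether they already do cannot be confirmed from here. If they do not, add them next to the other preamble tags, for example `Requires: iptables`, `Requires: ebtables` and `Requires: ipset`, since a fresh install might otherwise select a backend whose tools are absent.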
@@ -110,14 +112,12 @@ firewalld. %prep %setup -q +# bsc#1102761 - switch to iptables as default +%patch0 -p1 # bsc#1078223 rm config/services/high-availability.xml -# bsc#1102761 - switch to iptables as default -sed -i "/^FirewallBackend/s/=.*/=iptables/" config/firewalld.conf -sed -i '/^FALLBACK_FIREWALL_BACKEND/s/=.*/= "iptables"/' src/firewall/config/__init__.py.in - %build export PYTHON="%{_bindir}/python3" ./autogen.sh