d6d990908d
- update to 0.8.3:
  * nftables: convert to libnftables JSON interface
  * service: new “helper” element to replace “module”
    More accurately represents the conntrack helper. Deprecates “module”.
  * allow custom helpers using standard helper modules (rhbz 1733066)
  * testsuite is now shipped in the dist tarball
  * Typo in firewall-config(1)
  * Fix typo in TFTP service description
  * doc: README: add note about language translations
  * fix: rich: source/dest only matching with mark action
  * feat: AllowZoneDrifting config option
  * feat: nftables: support AllowZoneDrifting=yes
  * feat: ipXtables: support AllowZoneDrifting=yes
  * fix: firewall-offline-cmd: Don’t print warning about AllowZoneDrifting
  * fix: add logrotate policy
  * doc: direct: add CAVEATS section
  * fix: checkIP6: strip leading/trailing square brackets
  * fix: nftables: remove square brackets from IPv6 addresses
  * fix: ipXtables: remove square brackets from IPv6 addresses
  * fix: nftables: ipset types using “port”
  * fix: nftables: zone dispatch with multidimensional ipsets
  * fix: ipset: destroy runtime sets on reload/stop
  * fix: port: support querying sub ranges
  * fix: source_port: support querying sub ranges
  * doc: specify accepted characters for object names
  * fix: doc: address copy/paste mistakes in short/description
  * fix: configure: atlocal: quote variable values
  * fix: nftables: allow set intervals with concatenations
  * doc: clarify --set-target values “default” vs “reject”
  * fix: update dynamic DCE RPC ports in freeipa-trust service
  * fix: nftables: ipset: port ranges for non-default protocols

OBS-URL: https://build.opensuse.org/request/show/827072
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=103
46 lines
2.0 KiB
Diff
Index: firewalld-0.8.3/config/firewalld.conf
===================================================================
--- firewalld-0.8.3.orig/config/firewalld.conf
+++ firewalld-0.8.3/config/firewalld.conf
@@ -43,9 +43,9 @@ LogDenied=off
# FirewallBackend
# Selects the firewall backend implementation.
# Choices are:
-# - nftables (default)
-# - iptables (iptables, ip6tables, ebtables and ipset)
-FirewallBackend=nftables
+# - nftables
+# - iptables (iptables, ip6tables, ebtables and ipset) (default)
+FirewallBackend=iptables
# FlushAllOnReload
# Flush all runtime rules on a reload. In previous releases some runtime
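Review bot: The `FirewallBackend=iptables` line and the two comment lines above it move the shipped default away from nftables with no stated reason; the patch starts straight at its `Index:` line and the commit message only lists the 0.8.3 changelog. Add a short description header to the patch giving the reason and the condition under which it can be dropped, so the next version update can judge whether it still applies. The `(default)` appended after the existing parenthesis on the iptables comment line also reads as two stacked parentheticals; `# - iptables (default; iptables, ip6tables, ebtables and ipset)` would be clearer.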
Index: firewalld-0.8.3/doc/xml/firewalld.conf.xml
===================================================================
--- firewalld-0.8.3.orig/doc/xml/firewalld.conf.xml
+++ firewalld-0.8.3/doc/xml/firewalld.conf.xml
@@ -149,8 +149,8 @@
<listitem>
<para>
Selects the firewall backend implementation. Possible values
- are; <replaceable>nftables</replaceable> (default), or
- <replaceable>iptables</replaceable>. This applies to all
+ are; <replaceable>nftables</replaceable>, or
+ <replaceable>iptables</replaceable> (default). This applies to all
firewalld primitives. The only exception is direct and
passthrough rules which always use the traditional iptables,
ip6tables, and ebtables backends.
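Review bot: The `<replaceable>iptables</replaceable> (default)` line makes the man page the third place where the default is written out by hand, next to config/firewalld.conf and FALLBACK_FIREWALL_BACKEND, so the documentation can drift from the code on the next rebase of this patch. State in the patch description that the three hunks must change together, and consider wording the paragraph so it is clear that the iptables default is this package's choice. The pre-existing `are;` in the unchanged text is better fixed as `are:` upstream than folded into this patch.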
Index: firewalld-0.8.3/src/firewall/config/__init__.py.in
===================================================================
--- firewalld-0.8.3.orig/src/firewall/config/__init__.py.in
+++ firewalld-0.8.3/src/firewall/config/__init__.py.in
@@ -127,7 +127,7 @@ FALLBACK_IPV6_RPFILTER = True
FALLBACK_INDIVIDUAL_CALLS = False
FALLBACK_LOG_DENIED = "off"
FALLBACK_AUTOMATIC_HELPERS = "no"
-FALLBACK_FIREWALL_BACKEND = "nftables"
+FALLBACK_FIREWALL_BACKEND = "iptables"
FALLBACK_FLUSH_ALL_ON_RELOAD = True
FALLBACK_RFC3964_IPV4 = True
FALLBACK_ALLOW_ZONE_DRIFTING = False
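Review bot: `FALLBACK_FIREWALL_BACKEND = "iptables"` is, going by its name, the value used when firewalld.conf supplies no usable FirewallBackend entry, so this line changes the backend on existing installs whose config file omits the key, without any edit on the admin's side. If that is intended, say so in the patch description; if only fresh installs should get iptables, drop this hunk and change the shipped config/firewalld.conf alone. Since the commit message notes the testsuite is now shipped in the dist tarball, it is also worth confirming that no test there assumes the nftables default.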