pool/firewalld
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8a30f7c14c
firewalld/0001-firewall-backend-Switch-default-backend-to-iptables.patch
Michał Rostecki 1bd6d8a100 Accepting request 736856 from home:lemmy04:branches:security:netfilter 
- rebased the original patch from revision 19
- apply patch only on openSUSE < TW, and SLES.
- Added a patch to make iptables the default again on openSUSE
- Update to version 0.7.2:
This is a bug fix only release.
  * fix: direct: removeRules() was mistakenly removing all rules
  * fix: guarantee zone source dispatch is sorted by zone name
  * fix: nftables: fix zone dispatch using ipset sources in nat chains
  * doc: add --default-config and --system-config
  * fix: --add-masquerade should only affect ipv4
  * fix: nftables: --forward-ports should only affect IPv4
  * fix: direct: removeRules() not removing all rules in chain
  * dbus: service: fix service includes individual APIs
  * fix: allow custom helpers using standard helper modules
  * fix: service: usage of helpers with '-' in name
  * fix: Revert "ebtables: drop support for broute table"
  * fix: ebtables: don't use tables that aren't available
  * fix: fw: initialize _rfc3964_ipv4

OBS-URL: https://build.opensuse.org/request/show/736856
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=96
2019-10-10 13:08:15 +00:00

42 lines
2.1 KiB
Diff
Raw Blame History

diff -burNE firewalld-0.7.2_orig/config/firewalld.conf firewalld-0.7.2/config/firewalld.conf
--- firewalld-0.7.2_orig/config/firewalld.conf 2019-10-10 14:29:04.022394133 +0200
+++ firewalld-0.7.2/config/firewalld.conf 2019-10-10 14:30:12.102256167 +0200
@@ -53,9 +53,9 @@
# FirewallBackend
# Selects the firewall backend implementation.
# Choices are:
-# - nftables (default)
-# - iptables (iptables, ip6tables, ebtables and ipset)
-FirewallBackend=nftables
+# - nftables
+# - iptables (iptables, ip6tables, ebtables and ipset) (default)
+FirewallBackend=iptables
# FlushAllOnReload
# Flush all runtime rules on a reload. In previous releases some runtime
diff -burNE firewalld-0.7.2_orig/doc/xml/firewalld.conf.xml firewalld-0.7.2/doc/xml/firewalld.conf.xml
--- firewalld-0.7.2_orig/doc/xml/firewalld.conf.xml 2019-10-10 14:29:04.026394125 +0200
+++ firewalld-0.7.2/doc/xml/firewalld.conf.xml 2019-10-10 14:29:19.766362228 +0200
@@ -149,8 +149,8 @@
<listitem>
<para>
Selects the firewall backend implementation. Possible values
- are; <replaceable>nftables</replaceable> (default), or
- <replaceable>iptables</replaceable>. This applies to all
+ are; <replaceable>nftables</replaceable>, or
+ <replaceable>iptables</replaceable> (default). This applies to all
firewalld primitives. The only exception is direct and
passthrough rules which always use the traditional iptables,
ip6tables, and ebtables backends.
diff -burNE firewalld-0.7.2_orig/src/firewall/config/__init__.py.in firewalld-0.7.2/src/firewall/config/__init__.py.in
--- firewalld-0.7.2_orig/src/firewall/config/__init__.py.in 2019-10-10 14:29:04.030394117 +0200
+++ firewalld-0.7.2/src/firewall/config/__init__.py.in 2019-10-10 14:31:06.522145883 +0200
@@ -129,6 +129,6 @@
FALLBACK_INDIVIDUAL_CALLS = False
FALLBACK_LOG_DENIED = "off"
FALLBACK_AUTOMATIC_HELPERS = "system"
-FALLBACK_FIREWALL_BACKEND = "nftables"
+FALLBACK_FIREWALL_BACKEND = "iptables"
FALLBACK_FLUSH_ALL_ON_RELOAD = True
FALLBACK_RFC3964_IPV4 = True
Reference in New Issue View Git Blame Copy Permalink