e903c070c1
- Update to 1.2.1: * fix(modules): don't error if /proc/modules is missing (a1f091d) * fix(readme): format optional <ver> (03e61f2) * docs: add protocols to rich and zones (191cea4) * docs(policy): add priority attribute to rule (616ed7c) * fix(runtimeToPermanent): errors for interfaces not in zone (6b5a70b) * fix(failsafe): log exception on fatal failure (af1b8f0) * fix(ipset): defer native ipset creation if nftables (ae0ded4) * fix(nftables): drop invalid packets before zone dispatch (dc972ae) * fix(iptables): drop invalid packets before zone dispatch (83a4608) * fix(policies): Splitting interfaces with wildcards (3806e79) * fix(ipset): exception on overlap checking empty set (bfe827f) * fix(bash): fix ipset commands autocompletion (742669b) * docs(README): fix typo (e40b100) * fix(treewide): misc typos (d121f0c) * fix: firewalld.conf: trim trailing whitespace (21809ed) OBS-URL: https://build.opensuse.org/request/show/1033086 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=133
57 lines
2.3 KiB
Diff
57 lines
2.3 KiB
Diff
From b1145d3efc58220f58a4e67189c4ff4a8bd789ce Mon Sep 17 00:00:00 2001
|
|
From: Michal Rostecki <mrostecki@opensuse.org>
|
|
Date: Mon, 25 Jan 2021 12:58:00 +0100
|
|
Subject: [PATCH] Disable FlushAllOnReload option
|
|
|
|
Disabling the FlushAllOnReload option restores the old behavior where
|
|
--reload does not retain interface to zone assignmnets and direct rules.
|
|
We want to keep that behavior in openSUSE and SLE
|
|
|
|
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
|
|
---
|
|
config/firewalld.conf | 4 ++--
|
|
doc/xml/firewalld.conf.xml | 2 +-
|
|
src/firewall/config/__init__.py.in | 2 +-
|
|
3 files changed, 4 insertions(+), 4 deletions(-)
|
|
|
|
Index: firewalld-1.2.1/config/firewalld.conf
|
|
===================================================================
|
|
--- firewalld-1.2.1.orig/config/firewalld.conf
|
|
+++ firewalld-1.2.1/config/firewalld.conf
|
|
@@ -63,8 +63,8 @@ FirewallBackend=nftables
|
|
# configuration was retained during a reload, namely; interface to zone
|
|
# assignment, and direct rules. This was confusing to users. To get the old
|
|
# behavior set this to "no".
|
|
-# Default: yes
|
|
-FlushAllOnReload=yes
|
|
+# Default: no
|
|
+FlushAllOnReload=no
|
|
|
|
# RFC3964_IPv4
|
|
# As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that
|
|
Index: firewalld-1.2.1/doc/xml/firewalld.conf.xml
|
|
===================================================================
|
|
--- firewalld-1.2.1.orig/doc/xml/firewalld.conf.xml
|
|
+++ firewalld-1.2.1/doc/xml/firewalld.conf.xml
|
|
@@ -190,7 +190,7 @@
|
|
runtime configuration was retained during a reload, namely;
|
|
interface to zone assignment, and direct rules. This was
|
|
confusing to users. To get the old behavior set this to "no".
|
|
- Defaults to "yes".
|
|
+ Defaults to "no".
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
Index: firewalld-1.2.1/src/firewall/config/__init__.py.in
|
|
===================================================================
|
|
--- firewalld-1.2.1.orig/src/firewall/config/__init__.py.in
|
|
+++ firewalld-1.2.1/src/firewall/config/__init__.py.in
|
|
@@ -132,6 +132,6 @@ FALLBACK_INDIVIDUAL_CALLS = False
|
|
FALLBACK_LOG_DENIED = "off"
|
|
FALLBACK_AUTOMATIC_HELPERS = "no"
|
|
FALLBACK_FIREWALL_BACKEND = "nftables"
|
|
-FALLBACK_FLUSH_ALL_ON_RELOAD = True
|
|
+FALLBACK_FLUSH_ALL_ON_RELOAD = False
|
|
FALLBACK_RFC3964_IPV4 = True
|
|
FALLBACK_ALLOW_ZONE_DRIFTING = False
|