diff --git a/0001-firewall-backend-Switch-default-backend-to-iptables.patch b/0001-firewall-backend-Switch-default-backend-to-iptables.patch
new file mode 100644
index 0000000..942384c
--- /dev/null
+++ b/0001-firewall-backend-Switch-default-backend-to-iptables.patch
@@ -0,0 +1,41 @@
+diff -burNE firewalld-0.7.2_orig/config/firewalld.conf firewalld-0.7.2/config/firewalld.conf
+--- firewalld-0.7.2_orig/config/firewalld.conf 2019-10-10 14:29:04.022394133 +0200
++++ firewalld-0.7.2/config/firewalld.conf 2019-10-10 14:30:12.102256167 +0200
+@@ -53,9 +53,9 @@
+ # FirewallBackend
+ # Selects the firewall backend implementation.
+ # Choices are:
+-# - nftables (default)
+-# - iptables (iptables, ip6tables, ebtables and ipset)
+-FirewallBackend=nftables
++# - nftables
++# - iptables (iptables, ip6tables, ebtables and ipset) (default)
++FirewallBackend=iptables
+
+ # FlushAllOnReload
+ # Flush all runtime rules on a reload. In previous releases some runtime
+diff -burNE firewalld-0.7.2_orig/doc/xml/firewalld.conf.xml firewalld-0.7.2/doc/xml/firewalld.conf.xml
+--- firewalld-0.7.2_orig/doc/xml/firewalld.conf.xml 2019-10-10 14:29:04.026394125 +0200
++++ firewalld-0.7.2/doc/xml/firewalld.conf.xml 2019-10-10 14:29:19.766362228 +0200
+@@ -149,8 +149,8 @@
+
+
+ Selects the firewall backend implementation. Possible values
+- are; nftables (default), or
+- iptables. This applies to all
++ are; nftables, or
++ iptables (default). This applies to all
+ firewalld primitives. The only exception is direct and
+ passthrough rules which always use the traditional iptables,
+ ip6tables, and ebtables backends.
+diff -burNE firewalld-0.7.2_orig/src/firewall/config/__init__.py.in firewalld-0.7.2/src/firewall/config/__init__.py.in
+--- firewalld-0.7.2_orig/src/firewall/config/__init__.py.in 2019-10-10 14:29:04.030394117 +0200
++++ firewalld-0.7.2/src/firewall/config/__init__.py.in 2019-10-10 14:31:06.522145883 +0200
+@@ -129,6 +129,6 @@
+ FALLBACK_INDIVIDUAL_CALLS = False
+ FALLBACK_LOG_DENIED = "off"
+ FALLBACK_AUTOMATIC_HELPERS = "system"
+-FALLBACK_FIREWALL_BACKEND = "nftables"
++FALLBACK_FIREWALL_BACKEND = "iptables"
+ FALLBACK_FLUSH_ALL_ON_RELOAD = True
+ FALLBACK_RFC3964_IPV4 = True
diff --git a/_service b/_service
index 376e8ed..bddbbce 100644
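Review bot: The new patch file begins directly at `diff -burNE` with no header, so nothing in it records why the default is flipped, that the change is distribution-specific, or what its upstream status is. It changes three places together: the shipped `FirewallBackend=` value in config/firewalld.conf, the documented default in firewalld.conf.xml, and the compiled-in `FALLBACK_FIREWALL_BACKEND`. A host whose firewalld.conf is replaced on update, or which has no `FirewallBackend` key, would therefore presumably move from nftables to iptables rule management without an explicit admin choice. I would add a short header above the first `diff` line stating the purpose and scope of the patch, and noting that active rules must then be audited through iptables, ip6tables, ebtables and ipset rather than the nftables ruleset.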
--- a/_service
+++ b/_service
@@ -5,7 +5,7 @@ firewalld @PARENT_TAG@ v(.*) - v0.7.1 + v0.7.2 enable
diff --git a/_servicedata b/_servicedata
index b54112c..bc5c545 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@ https://github.com/firewalld/firewalld - 503cd915c9172903bf2f98466b6e872ba1355f4f \ No newline at end of file + 06de1841cfe41cc8c3c3f7c073aabc1f9f5d0ad0 \ No newline at end of file
diff --git a/firewalld-0.7.1.obscpio b/firewalld-0.7.1.obscpio
deleted file mode 100644
index a8befd6..0000000
--- a/firewalld-0.7.1.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8b39484792f4b8848c90288c3b86b164ae697c2da0c2cb9d50f70f0faff4265f
-size 8258061
diff --git a/firewalld-0.7.2.obscpio b/firewalld-0.7.2.obscpio
new file mode 100644
index 0000000..e2657e9
--- /dev/null
+++ b/firewalld-0.7.2.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e2804c025b0c9de766c6b270251dae977290069b84667c8a32dddfea9b1ecd9a
+size 7193613
diff --git a/firewalld.changes b/firewalld.changes
index 5aee4f2..70d40c4 100644
--- a/firewalld.changes
+++ b/firewalld.changes
@@ -1,3 +1,35 @@
+-------------------------------------------------------------------
+Thu Oct 10 12:40:49 UTC 2019 - Mathias Homann
+
+- rebased the original patch from revision 19
+- apply patch only on openSUSE < TW, and SLES.
+
+-------------------------------------------------------------------
+Fri Oct 4 09:44:37 UTC 2019 - Mathias Homann
+
+- Added a patch to make iptables the default again on openSUSE
+
+-------------------------------------------------------------------
+Fri Oct 4 09:10:54 UTC 2019 - Mathias Homann
+
+- Update to version 0.7.2:
+This is a bug fix only release.
+
+ * fix: direct: removeRules() was mistakenly removing all rules
+ * fix: guarantee zone source dispatch is sorted by zone name
+ * fix: nftables: fix zone dispatch using ipset sources in nat chains
+ * doc: add --default-config and --system-config
+ * fix: --add-masquerade should only affect ipv4
+ * fix: nftables: --forward-ports should only affect IPv4
+ * fix: direct: removeRules() not removing all rules in chain
+ * dbus: service: fix service includes individual APIs
+ * fix: allow custom helpers using standard helper modules
+ * fix: service: usage of helpers with '-' in name
+ * fix: Revert "ebtables: drop support for broute table"
+ * fix: ebtables: don't use tables that aren't available
+ * fix: fw: initialize _rfc3964_ipv4
+
+
 -------------------------------------------------------------------
 Mon Sep 09 09:59:00 UTC 2019 - mrostecki@opensuse.org
diff --git a/firewalld.obsinfo b/firewalld.obsinfo
index 97e13a7..126ee63 100644
--- a/firewalld.obsinfo
+++ b/firewalld.obsinfo
@@ -1,5 +1,5 @@
 name: firewalld
-version: 0.7.1
-mtime: 1563830196
-commit: 503cd915c9172903bf2f98466b6e872ba1355f4f
+version: 0.7.2
+mtime: 1569950644
+commit: 06de1841cfe41cc8c3c3f7c073aabc1f9f5d0ad0
diff --git a/firewalld.spec b/firewalld.spec
index 37ea1b0..ff54257 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -21,13 +21,15 @@
 %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name: firewalld
-Version: 0.7.1
+Version: 0.7.2
 Release: 0
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 License: GPL-2.0-or-later
 Group: Productivity/Networking/Security
 Url: http://www.firewalld.org
 Source: %{name}-%{version}.tar.xz
+Patch0: 0001-firewall-backend-Switch-default-backend-to-iptables.patch
+
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: desktop-file-utils
@@ -114,6 +116,14 @@ firewalld.
 # bsc#1078223
 rm config/services/high-availability.xml
+#
+# Patch added: opensuse still uses iptables by default,
+# so let's make this the default for anything << Tumbleweed
+#
+%if 0%{?sle_version} > 0 && 0%{?suse_version} < 1550
+%patch0 -p1
+%endif
+
 %build
 export PYTHON="%{_bindir}/python3"
 ./autogen.sh
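Review bot: The comment above the `%if` in the second hunk says "anything << Tumbleweed", but the guard is `0%{?sle_version} > 0 && 0%{?suse_version} < 1550`, so a target with `suse_version` below 1550 and no `sle_version` skips the patch and keeps nftables as the default. Because `%patch0` is conditional, the same 0.7.2 package ships a different default firewall backend depending on the build target, and the patch is only checked for applicability where the guard is true. I would make the comment state the real condition and its effect, e.g. `# Leap/SLE only (sle_version set and suse_version < 1550): default FirewallBackend becomes iptables;` followed by `# all other targets keep upstream's nftables default.` Whether the package requires the iptables, ebtables and ipset tools on those targets is not visible in this hunk and is worth confirming; the %prep section starts outside the hunk.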