SHA256
1
0
forked from pool/firewalld

Restore package to Factory version

OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=81
This commit is contained in:
Markos Chandras 2018-09-04 07:50:48 +00:00 committed by Git OBS Bridge
parent 4870327e98
commit 5b572a40ef
3 changed files with 63 additions and 8 deletions

View File

@ -0,0 +1,59 @@
From dbbf60a4bb0c7edc83cd8bae2177d96842ad9034 Mon Sep 17 00:00:00 2001
From: Markos Chandras <mchandras@suse.de>
Date: Mon, 13 Aug 2018 22:31:04 +0300
Subject: [PATCH] firewall: backend: Switch default backend to 'iptables'
Switch default backend to 'iptables'. Some packages (eg docker)
are not able to work well with nftables right now, so lets stick
with iptables as default backend.
Link: https://bugzilla.suse.com/show_bug.cgi?id=1102761
Signed-off-by: Markos Chandras <mchandras@suse.de>
---
config/firewalld.conf | 6 +++---
doc/xml/firewalld.conf.xml | 4 ++--
src/firewall/config/__init__.py.in | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/config/firewalld.conf b/config/firewalld.conf
index b53c0aa5..e6afde19 100644
--- a/config/firewalld.conf
+++ b/config/firewalld.conf
@@ -59,6 +59,6 @@ AutomaticHelpers=system
# FirewallBackend
# Selects the firewall backend implementation.
# Choices are:
-# - nftables (default)
-# - iptables (iptables, ip6tables, ebtables and ipset)
-FirewallBackend=nftables
+# - nftables
+# - iptables (default)
+FirewallBackend=iptables
diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml
index df4b9521..fee0d3ca 100644
--- a/doc/xml/firewalld.conf.xml
+++ b/doc/xml/firewalld.conf.xml
@@ -149,8 +149,8 @@
<listitem>
<para>
Selects the firewall backend implementation. Possible values
- are; <replaceable>nftables</replaceable> (default), or
- <replaceable>iptables</replaceable>. This applies to all
+ are; <replaceable>nftables</replaceable>, or
+ <replaceable>iptables</replaceable> (default). This applies to all
firewalld primitives. The only exception is direct and
passthrough rules which always use the traditional iptables,
ip6tables, and ebtables backends.
diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in
index 955be320..cff7c3fe 100644
--- a/src/firewall/config/__init__.py.in
+++ b/src/firewall/config/__init__.py.in
@@ -129,4 +129,4 @@ FALLBACK_IPV6_RPFILTER = True
FALLBACK_INDIVIDUAL_CALLS = False
FALLBACK_LOG_DENIED = "off"
FALLBACK_AUTOMATIC_HELPERS = "system"
-FALLBACK_FIREWALL_BACKEND = "nftables"
+FALLBACK_FIREWALL_BACKEND = "iptables"
--
2.16.4

View File

@ -7,13 +7,6 @@ Sun Sep 2 03:50:37 UTC 2018 - luc14n0@linuxmail.org
crashes. Patch provided by upstream (boo#1106319,
gh#firewalld/firewalld#370).
-------------------------------------------------------------------
Wed Aug 15 13:08:39 UTC 2018 - mchandras@suse.de
- Restore nftables as default backend (bsc#1102761). nftables and
iptables can co-exist but the 'nat' table had a bug which was fixed
in kernel-4.18.
-------------------------------------------------------------------
Fri Aug 10 06:23:35 UTC 2018 - mchandras@suse.de

View File

@ -28,8 +28,10 @@ License: GPL-2.0-or-later
Group: Productivity/Networking/Security
Url: http://www.firewalld.org
Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
# PATCH-FIX-SUSE: 0001-firewall-backend-Switch-default-backend-to-iptables.patch (bsc#1102761)
Patch0: 0001-firewall-backend-Switch-default-backend-to-iptables.patch
# PATCH-FIX-UPSTREAM firewalld-fix-firewalld-config-crash.patch luc14n0@linuxmail.org -- fix firewall-config crash when nm_get_zone_of_connection returns "False"
Patch0: firewalld-fix-firewalld-config-crash.patch
Patch1: firewalld-fix-firewalld-config-crash.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: desktop-file-utils
@ -113,6 +115,7 @@ firewalld.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
# bsc#1078223
rm config/services/high-availability.xml