forked from pool/firewalld
- Restore nftables as default backend (bsc#1102761). nftables and
  iptables can co-exist but the 'nat' table had a bug which was fixed
  in kernel-4.18.

OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=78
parent fb97f07a3e
commit d850d0365e
@ -1,59 +0,0 @@
|
||||
From dbbf60a4bb0c7edc83cd8bae2177d96842ad9034 Mon Sep 17 00:00:00 2001
|
||||
From: Markos Chandras <mchandras@suse.de>
|
||||
Date: Mon, 13 Aug 2018 22:31:04 +0300
|
||||
Subject: [PATCH] firewall: backend: Switch default backend to 'iptables'
|
||||
|
||||
Switch default backend to 'iptables'. Some packages (eg docker)
|
||||
are not able to work well with nftables right now, so lets stick
|
||||
with iptables as default backend.
|
||||
|
||||
Link: https://bugzilla.suse.com/show_bug.cgi?id=1102761
|
||||
Signed-off-by: Markos Chandras <mchandras@suse.de>
|
||||
---
|
||||
config/firewalld.conf | 6 +++---
|
||||
doc/xml/firewalld.conf.xml | 4 ++--
|
||||
src/firewall/config/__init__.py.in | 2 +-
|
||||
3 files changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/config/firewalld.conf b/config/firewalld.conf
|
||||
index b53c0aa5..e6afde19 100644
|
||||
--- a/config/firewalld.conf
|
||||
+++ b/config/firewalld.conf
|
||||
@@ -59,6 +59,6 @@ AutomaticHelpers=system
|
||||
# FirewallBackend
|
||||
# Selects the firewall backend implementation.
|
||||
# Choices are:
|
||||
-# - nftables (default)
|
||||
-# - iptables (iptables, ip6tables, ebtables and ipset)
|
||||
-FirewallBackend=nftables
|
||||
+# - nftables
|
||||
+# - iptables (default)
|
||||
+FirewallBackend=iptables
|
||||
diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml
|
||||
index df4b9521..fee0d3ca 100644
|
||||
--- a/doc/xml/firewalld.conf.xml
|
||||
+++ b/doc/xml/firewalld.conf.xml
|
||||
@@ -149,8 +149,8 @@
|
||||
<listitem>
|
||||
<para>
|
||||
Selects the firewall backend implementation. Possible values
|
||||
- are; <replaceable>nftables</replaceable> (default), or
|
||||
- <replaceable>iptables</replaceable>. This applies to all
|
||||
+ are; <replaceable>nftables</replaceable>, or
|
||||
+ <replaceable>iptables</replaceable> (default). This applies to all
|
||||
firewalld primitives. The only exception is direct and
|
||||
passthrough rules which always use the traditional iptables,
|
||||
ip6tables, and ebtables backends.
|
||||
diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in
|
||||
index 955be320..cff7c3fe 100644
|
||||
--- a/src/firewall/config/__init__.py.in
|
||||
+++ b/src/firewall/config/__init__.py.in
|
||||
@@ -129,4 +129,4 @@ FALLBACK_IPV6_RPFILTER = True
|
||||
FALLBACK_INDIVIDUAL_CALLS = False
|
||||
FALLBACK_LOG_DENIED = "off"
|
||||
FALLBACK_AUTOMATIC_HELPERS = "system"
|
||||
-FALLBACK_FIREWALL_BACKEND = "nftables"
|
||||
+FALLBACK_FIREWALL_BACKEND = "iptables"
|
||||
--
|
||||
2.16.4
|
||||
|
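Review bot: Deleting this patch also reverts its last hunk, FALLBACK_FIREWALL_BACKEND = "iptables" in src/firewall/config/__init__.py.in, so a host whose firewalld.conf has no FirewallBackend line will move to nftables on update, not only fresh installs. The patch's own message cites packages such as docker not working well with nftables. The new changelog entry should say that the fallback changes as well, and state whether the docker concern is covered by the kernel-4.18 fix or still needs FirewallBackend=iptables set explicitly.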
@ -1,10 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 13 19:08:39 UTC 2018 - mchandras@suse.de
|
||||
Mon Aug 15 13:08:39 UTC 2018 - mchandras@suse.de
|
||||
|
||||
- Also switch firewall backend fallback to 'iptables' (bsc#1102761)
|
||||
This ensures that existing configuration files will keep working
|
||||
even if FirewallBackend option is missing.
|
||||
* 0001-firewall-backend-Switch-default-backend-to-iptables.patch
|
||||
- Restore nftables as default backend (bsc#1102761). nftables and
|
||||
iptables can co-exist but the 'nat' table had a bug which was fixed
|
||||
in kernel-4.18.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 10 06:23:35 UTC 2018 - mchandras@suse.de
|
||||
|
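Review bot: The new entry header reads "Mon Aug 15 13:08:39 UTC 2018", but 15 August 2018 was a Wednesday, so the weekday and the date disagree; regenerate the header so the two match. The hunk header (-1,10 +1,9) also shows the 13 August entry being replaced instead of a new entry being added above it, which drops the record that the iptables patch was ever carried. If that revision was published, keep the old entry and add the new one on top.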
@ -28,8 +28,6 @@ License: GPL-2.0-or-later
|
||||
Group: Productivity/Networking/Security
|
||||
Url: http://www.firewalld.org
|
||||
Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
||||
# PATCH-FIX-SUSE: 0001-firewall-backend-Switch-default-backend-to-iptables.patch (bsc#1102761)
|
||||
Patch0: 0001-firewall-backend-Switch-default-backend-to-iptables.patch
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: desktop-file-utils
|
||||
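Review bot: With Patch0 dropped here the package defaults to nftables regardless of the running kernel, while the commit message ties correct 'nat' table behaviour to the fix in kernel-4.18, and nothing in the visible spec lines expresses that dependency. Consider stating in the changelog or the spec which targets ship a kernel with that fix, or keeping the patch conditional for those that do not.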
@ -112,8 +110,6 @@ firewalld.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
# bsc#1102761 - switch to iptables as default
|
||||
%patch0 -p1
|
||||
|
||||
# bsc#1078223
|
||||
rm config/services/high-availability.xml
|
||||
|