From d850d0365eae963cdb648cc7cd1785136cf3a6bc26db8ec2988176bb6538774d Mon Sep 17 00:00:00 2001
From: Markos Chandras
Date: Wed, 15 Aug 2018 13:33:29 +0000
Subject: [PATCH] - Restore nftables as default backend (bsc#1102761). nftables and iptables can co-exist but the 'nat' table had a bug which was fixed in kernel-4.18.
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=78
---
 ...d-Switch-default-backend-to-iptables.patch | 59 -------------------
 firewalld.changes | 9 ++-
 firewalld.spec | 4 --
 3 files changed, 4 insertions(+), 68 deletions(-)
 delete mode 100644 0001-firewall-backend-Switch-default-backend-to-iptables.patch
diff --git a/0001-firewall-backend-Switch-default-backend-to-iptables.patch b/0001-firewall-backend-Switch-default-backend-to-iptables.patch
deleted file mode 100644
index de11a7f..0000000
--- a/0001-firewall-backend-Switch-default-backend-to-iptables.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From dbbf60a4bb0c7edc83cd8bae2177d96842ad9034 Mon Sep 17 00:00:00 2001
-From: Markos Chandras
-Date: Mon, 13 Aug 2018 22:31:04 +0300
-Subject: [PATCH] firewall: backend: Switch default backend to 'iptables'
-
-Switch default backend to 'iptables'. Some packages (eg docker)
-are not able to work well with nftables right now, so lets stick
-with iptables as default backend.
-
-Link: https://bugzilla.suse.com/show_bug.cgi?id=1102761
-Signed-off-by: Markos Chandras
----
- config/firewalld.conf | 6 +++---
- doc/xml/firewalld.conf.xml | 4 ++--
- src/firewall/config/__init__.py.in | 2 +-
- 3 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/config/firewalld.conf b/config/firewalld.conf
-index b53c0aa5..e6afde19 100644
---- a/config/firewalld.conf
-+++ b/config/firewalld.conf
-@@ -59,6 +59,6 @@ AutomaticHelpers=system
- # FirewallBackend
- # Selects the firewall backend implementation.
- # Choices are:
--# - nftables (default)
--# - iptables (iptables, ip6tables, ebtables and ipset)
--FirewallBackend=nftables
-+# - nftables
-+# - iptables (default)
-+FirewallBackend=iptables
-diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml
-index df4b9521..fee0d3ca 100644
---- a/doc/xml/firewalld.conf.xml
-+++ b/doc/xml/firewalld.conf.xml
-@@ -149,8 +149,8 @@
-
-
- Selects the firewall backend implementation. Possible values
-- are; nftables (default), or
-- iptables. This applies to all
-+ are; nftables, or
-+ iptables (default). This applies to all
- firewalld primitives. The only exception is direct and
- passthrough rules which always use the traditional iptables,
- ip6tables, and ebtables backends.
-diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in
-index 955be320..cff7c3fe 100644
---- a/src/firewall/config/__init__.py.in
-+++ b/src/firewall/config/__init__.py.in
-@@ -129,4 +129,4 @@ FALLBACK_IPV6_RPFILTER = True
- FALLBACK_INDIVIDUAL_CALLS = False
- FALLBACK_LOG_DENIED = "off"
- FALLBACK_AUTOMATIC_HELPERS = "system"
--FALLBACK_FIREWALL_BACKEND = "nftables"
-+FALLBACK_FIREWALL_BACKEND = "iptables"
---
-2.16.4
-
diff --git a/firewalld.changes b/firewalld.changes
index 9a2c69a..37ddab1 100644
--- a/firewalld.changes
+++ b/firewalld.changes
@@ -1,10 +1,9 @@
 -------------------------------------------------------------------
-Mon Aug 13 19:08:39 UTC 2018 - mchandras@suse.de
+Mon Aug 15 13:08:39 UTC 2018 - mchandras@suse.de
-- Also switch firewall backend fallback to 'iptables' (bsc#1102761)
- This ensures that existing configuration files will keep working
- even if FirewallBackend option is missing.
- * 0001-firewall-backend-Switch-default-backend-to-iptables.patch
+- Restore nftables as default backend (bsc#1102761). nftables and
+ iptables can co-exist but the 'nat' table had a bug which was fixed
+ in kernel-4.18.
 -------------------------------------------------------------------
 Fri Aug 10 06:23:35 UTC 2018 - mchandras@suse.de
diff --git a/firewalld.spec b/firewalld.spec
index be38768..dcd98bd 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -28,8 +28,6 @@ License: GPL-2.0-or-later
 Group: Productivity/Networking/Security
 Url: http://www.firewalld.org
 Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-# PATCH-FIX-SUSE: 0001-firewall-backend-Switch-default-backend-to-iptables.patch (bsc#1102761)
-Patch0: 0001-firewall-backend-Switch-default-backend-to-iptables.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: desktop-file-utils
@@ -112,8 +110,6 @@ firewalld.
 %prep
 %setup -q
-# bsc#1102761 - switch to iptables as default
-%patch0 -p1
 # bsc#1078223
 rm config/services/high-availability.xml