From a628d6e3a710fb8379cf2fb319cdafc06dd2dad6 Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Thu, 30 Aug 2018 16:34:19 -0400
Subject: [PATCH] fedora patch to default to iptables backend
---
 config/firewalld.conf                  |  7 -------
 src/firewall/config/__init__.py.in     |  2 +-
 src/firewall/core/io/firewalld_conf.py | 17 +++++++++++++++++
 src/tests/dbus/firewalld.conf.at       |  2 +-
 src/tests/functions.at                 |  4 ++--
 5 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/config/firewalld.conf b/config/firewalld.conf
7c611c4
index b53c0aa50c53..63df409bf567 100644
7c611c4
--- a/config/firewalld.conf
7c611c4
+++ b/config/firewalld.conf
7c611c4
@@ -55,10 +55,3 @@ LogDenied=off
7c611c4
 # will be used. Possible values are: yes, no and system.
7c611c4
 # Default: system
7c611c4
 AutomaticHelpers=system
7c611c4
-
7c611c4
-# FirewallBackend
7c611c4
-# Selects the firewall backend implementation.
7c611c4
-# Choices are:
7c611c4
-#	- nftables (default)
7c611c4
-#	- iptables (iptables, ip6tables, ebtables and ipset)
7c611c4
-FirewallBackend=nftables
7c611c4
diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in
7c611c4
index 955be32077e1..cff7c3fe9025 100644
7c611c4
--- a/src/firewall/config/__init__.py.in
7c611c4
+++ b/src/firewall/config/__init__.py.in
7c611c4
@@ -129,4 +129,4 @@ FALLBACK_IPV6_RPFILTER = True
7c611c4
 FALLBACK_INDIVIDUAL_CALLS = False
7c611c4
 FALLBACK_LOG_DENIED = "off"
7c611c4
 FALLBACK_AUTOMATIC_HELPERS = "system"
7c611c4
-FALLBACK_FIREWALL_BACKEND = "nftables"
7c611c4
+FALLBACK_FIREWALL_BACKEND = "iptables"
7c611c4
diff --git a/src/firewall/core/io/firewalld_conf.py b/src/firewall/core/io/firewalld_conf.py
7c611c4
index 4d57bad693c1..6264f45a1913 100644
7c611c4
--- a/src/firewall/core/io/firewalld_conf.py
7c611c4
+++ b/src/firewall/core/io/firewalld_conf.py
7c611c4
@@ -240,6 +240,12 @@ class firewalld_conf(object):
7c611c4
                     if key not in done:
7c611c4
                         if (key in self._config and \
7c611c4
                                 self._config[key] != value):
7c611c4
+                            # Only write FirewallBackend if it's not the default.
7c611c4
+                            # We will change the default in the future.
7c611c4
+                            if key == "FirewallBackend" and \
7c611c4
+                               self._config[key] == config.FALLBACK_FIREWALL_BACKEND:
7c611c4
+                                done.append(key)
7c611c4
+                                continue
7c611c4
                             empty = False
7c611c4
                             temp_file.write(u'%s=%s\n' %
7c611c4
                                             (key, self._config[key]))
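Review bot: The skip branch added here drops the `FirewallBackend` line without recording that the file changed. The `elif key in self._deleted` branch in the next hunk sets `modified = True` when it drops a line, so the writer presumably replaces the file only when that flag is set. If so, switching from a non-default backend back to the default would leave the old `FirewallBackend=` line on disk, and the daemon would come up on the old backend after a restart. Add `modified = True` before `done.append(key)` in this branch. The skip added in the `else:` branch of the next hunk drops a line the same way; the enclosing method starts and ends outside the hunk, so confirm this against the full body.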
7c611c4
@@ -247,6 +253,12 @@ class firewalld_conf(object):
7c611c4
                         elif key in self._deleted:
7c611c4
                             modified = True
7c611c4
                         else:
7c611c4
+                            # Only write FirewallBackend if it's not the default.
7c611c4
+                            # We will change the default in the future.
7c611c4
+                            if key == "FirewallBackend" and \
7c611c4
+                               value == config.FALLBACK_FIREWALL_BACKEND:
7c611c4
+                                done.append(key)
7c611c4
+                                continue
7c611c4
                             empty = False
7c611c4
                             temp_file.write(line+u"\n")
7c611c4
                         done.append(key)
7c611c4
@@ -258,6 +270,11 @@ class firewalld_conf(object):
7c611c4
             for (key,value) in self._config.items():
7c611c4
                 if key in done:
7c611c4
                     continue
7c611c4
+                # Only write FirewallBackend if it's not the default.
7c611c4
+                # We will change the default in the future.
7c611c4
+                if key == "FirewallBackend" and \
7c611c4
+                   value == config.FALLBACK_FIREWALL_BACKEND:
7c611c4
+                    continue
7c611c4
                 if not empty:
7c611c4
                     temp_file.write(u"\n")
7c611c4
                     empty = True
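Review bot: The comment repeated above each of the three checks does not say what the skip means for an operator. A `FirewallBackend` value equal to `config.FALLBACK_FIREWALL_BACKEND` is never persisted, so a host where that backend was chosen explicitly will follow the fallback when it changes, and its rules would then be applied through a different backend after an upgrade. If that is intended, state it, e.g. `# An explicit choice equal to the fallback is not stored; such hosts follow any later change of the default.` The same two-line condition also appears in both earlier hunks of this file and could live in one small private helper so the three sites cannot drift apart. The loop continues outside the hunk.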
7c611c4
diff --git a/src/tests/dbus/firewalld.conf.at b/src/tests/dbus/firewalld.conf.at
7c611c4
index 473210de10af..44e649111ffb 100644
7c611c4
--- a/src/tests/dbus/firewalld.conf.at
7c611c4
+++ b/src/tests/dbus/firewalld.conf.at
7c611c4
@@ -5,7 +5,7 @@ DBUS_GETALL([config], [config], 0, [dnl
7c611c4
 string "AutomaticHelpers" : variant string "system"
7c611c4
 string "CleanupOnExit" : variant string "no"
7c611c4
 string "DefaultZone" : variant string "public"
7c611c4
-string "FirewallBackend" : variant string "nftables"
7c611c4
+string "FirewallBackend" : variant string "iptables"
7c611c4
 m4_if(no, HOST_SUPPORTS_NFT_FIB, [dnl
7c611c4
 string "IPv6_rpfilter" : variant string "no"],[dnl
7c611c4
 string "IPv6_rpfilter" : variant string "yes"])
7c611c4
diff --git a/src/tests/functions.at b/src/tests/functions.at
7c611c4
index 3b79a9f31305..dd7b43d9dac6 100644
7c611c4
--- a/src/tests/functions.at
7c611c4
+++ b/src/tests/functions.at
7c611c4
@@ -65,13 +65,13 @@ m4_define([FWD_START_TEST], [
7c611c4
     fi
7c611c4
 
7c611c4
     m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
7c611c4
-        m4_define_default([FIREWALL_BACKEND], [nftables])
7c611c4
+        m4_define_default([FIREWALL_BACKEND], [iptables])
7c611c4
 
7c611c4
         dnl don't unload modules or bother cleaning up, the namespace will be deleted
7c611c4
         AT_CHECK([sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf])
7c611c4
 
7c611c4
         dnl set the appropriate backend
7c611c4
-        AT_CHECK([sed -i 's/^FirewallBackend.*/FirewallBackend=FIREWALL_BACKEND/' ./firewalld.conf])
7c611c4
+        AT_CHECK([echo "FirewallBackend=FIREWALL_BACKEND" >> ./firewalld.conf])
7c611c4
 
7c611c4
         dnl fib matching is pretty new in nftables. Don't use rpfilter on older
7c611c4
         dnl kernels.
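Review bot: The `echo "FirewallBackend=FIREWALL_BACKEND" >> ./firewalld.conf` line only selects the backend reliably when the copied file has no `FirewallBackend=` line already and ends with a newline. If a key is already present, the file ends up with two assignments, and which one the parser honours is not visible in this patch, so the test could run on a backend other than the one it names. Deleting any existing line first keeps the test independent of the shipped config: `AT_CHECK([sed -i '/^FirewallBackend/d' ./firewalld.conf])` before the `echo`. The FWD_START_TEST macro starts and ends outside the hunk.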
-- 
2.18.0