Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP1
firewalld
0001-firewall-core-Always-reload-the-permanent-...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-firewall-core-Always-reload-the-permanent-configurat.patch of Package firewalld
From 159acbb8e2b6853aa68ca84bb8b22c4438c2c7d4 Mon Sep 17 00:00:00 2001 From: Markos Chandras <mchandras@suse.de> Date: Wed, 17 Oct 2018 10:39:42 +0100 Subject: [PATCH] firewall: core: Always reload the permanent configuration on firewall reloads Even on --reload some runtime configuration was being retained. This was a surprise to many users. This commit is based on upstream commit 242bc4e2e20c6944164fe2495598982b1cfcc4fe (Add "FlushAllOnReload" config option). However, the upstream commit introduces a new configuration variable to switch between the old and new behavior. Since the old behavior is not desirable, we can use a much smaller patch to make --reload/--complete-reload behave as expected. Fixes: suze bz #1112008 --- src/firewall/core/fw.py | 44 ----------------------------------------- 1 file changed, 44 deletions(-) diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py index 21f5fc68..414af945 100644 --- a/src/firewall/core/fw.py +++ b/src/firewall/core/fw.py @@ -916,14 +916,6 @@ class Firewall(object): def reload(self, stop=False): _panic = self._panic - # save zone interfaces - _zone_interfaces = { } - for zone in self.zone.get_zones(): - _zone_interfaces[zone] = self.zone.get_settings(zone)["interfaces"] - # save direct config - _direct_config = self.direct.get_runtime_config() - _old_dz = self.get_default_zone() - # stop self.cleanup() @@ -937,42 +929,6 @@ class Firewall(object): # etc. We'll re-raise it at the end. start_exception = e - # handle interfaces in the default zone and move them to the new - # default zone if it changed - _new_dz = self.get_default_zone() - if _new_dz != _old_dz: - # if_new_dz has been introduced with the reload, we need to add it - # https://github.com/firewalld/firewalld/issues/53 - if _new_dz not in _zone_interfaces: - _zone_interfaces[_new_dz] = { } - # default zone changed. Move interfaces from old default zone to - # the new one. - for iface, settings in list(_zone_interfaces[_old_dz].items()): - if settings["__default__"]: - # move only those that were added to default zone - # (not those that were added to specific zone same as - # default) - _zone_interfaces[_new_dz][iface] = \ - _zone_interfaces[_old_dz][iface] - del _zone_interfaces[_old_dz][iface] - - # add interfaces to zones again - for zone in self.zone.get_zones(): - if zone in _zone_interfaces: - self.zone.set_settings(zone, { "interfaces": - _zone_interfaces[zone] }) - del _zone_interfaces[zone] - else: - log.info1("New zone '%s'.", zone) - if len(_zone_interfaces) > 0: - for zone in list(_zone_interfaces.keys()): - log.info1("Lost zone '%s', zone interfaces dropped.", zone) - del _zone_interfaces[zone] - del _zone_interfaces - - # restore direct config - self.direct.set_config(_direct_config) - # enable panic mode again if it has been enabled before or set policy # to ACCEPT if _panic: -- 2.19.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor