Hello community, here is the log from the commit of package firewalld for openSUSE:Factory checked in at 2018-08-28 13:36:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firewalld (Old) and /work/SRC/openSUSE:Factory/.firewalld.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firewalld" Tue Aug 28 13:36:09 2018 rev:34 rq:631960 version:0.6.1 Changes: -------- --- /work/SRC/openSUSE:Factory/firewalld/firewalld.changes 2018-08-17 23:59:54.710325109 +0200 +++ /work/SRC/openSUSE:Factory/.firewalld.new/firewalld.changes 2018-08-28 13:36:12.539226249 +0200 @@ -2 +2 @@ -Wed Aug 15 13:08:39 UTC 2018 - [email protected] +Mon Aug 13 19:08:39 UTC 2018 - [email protected] @@ -4,3 +4,4 @@ -- Restore nftables as default backend (bsc#1102761). nftables and - iptables can co-exist but the 'nat' table had a bug which was fixed - in kernel-4.18. +- Also switch firewall backend fallback to 'iptables' (bsc#1102761) + This ensures that existing configuration files will keep working + even if FirewallBackend option is missing. + * 0001-firewall-backend-Switch-default-backend-to-iptables.patch New: ---- 0001-firewall-backend-Switch-default-backend-to-iptables.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firewalld.spec ++++++ --- /var/tmp/diff_new_pack.0oIkeZ/_old 2018-08-28 13:36:13.271227181 +0200 +++ /var/tmp/diff_new_pack.0oIkeZ/_new 2018-08-28 13:36:13.275227186 +0200 @@ -28,6 +28,8 @@ Group: Productivity/Networking/Security Url: http://www.firewalld.org Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +# PATCH-FIX-SUSE: 0001-firewall-backend-Switch-default-backend-to-iptables.patch (bsc#1102761) +Patch0: 0001-firewall-backend-Switch-default-backend-to-iptables.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: desktop-file-utils @@ -110,6 +112,8 @@ %prep %setup -q +# bsc#1102761 - switch to iptables as default +%patch0 -p1 # bsc#1078223 rm config/services/high-availability.xml ++++++ 0001-firewall-backend-Switch-default-backend-to-iptables.patch ++++++ >From dbbf60a4bb0c7edc83cd8bae2177d96842ad9034 Mon Sep 17 00:00:00 2001 From: Markos Chandras <[email protected]> Date: Mon, 13 Aug 2018 22:31:04 +0300 Subject: [PATCH] firewall: backend: Switch default backend to 'iptables' Switch default backend to 'iptables'. Some packages (eg docker) are not able to work well with nftables right now, so lets stick with iptables as default backend. Link: https://bugzilla.suse.com/show_bug.cgi?id=1102761 Signed-off-by: Markos Chandras <[email protected]> --- config/firewalld.conf | 6 +++--- doc/xml/firewalld.conf.xml | 4 ++-- src/firewall/config/__init__.py.in | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/config/firewalld.conf b/config/firewalld.conf index b53c0aa5..e6afde19 100644 --- a/config/firewalld.conf +++ b/config/firewalld.conf @@ -59,6 +59,6 @@ AutomaticHelpers=system # FirewallBackend # Selects the firewall backend implementation. # Choices are: -# - nftables (default) -# - iptables (iptables, ip6tables, ebtables and ipset) -FirewallBackend=nftables +# - nftables +# - iptables (default) +FirewallBackend=iptables diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml index df4b9521..fee0d3ca 100644 --- a/doc/xml/firewalld.conf.xml +++ b/doc/xml/firewalld.conf.xml @@ -149,8 +149,8 @@ <listitem> <para> Selects the firewall backend implementation. Possible values - are; <replaceable>nftables</replaceable> (default), or - <replaceable>iptables</replaceable>. This applies to all + are; <replaceable>nftables</replaceable>, or + <replaceable>iptables</replaceable> (default). This applies to all firewalld primitives. The only exception is direct and passthrough rules which always use the traditional iptables, ip6tables, and ebtables backends. diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in index 955be320..cff7c3fe 100644 --- a/src/firewall/config/__init__.py.in +++ b/src/firewall/config/__init__.py.in @@ -129,4 +129,4 @@ FALLBACK_IPV6_RPFILTER = True FALLBACK_INDIVIDUAL_CALLS = False FALLBACK_LOG_DENIED = "off" FALLBACK_AUTOMATIC_HELPERS = "system" -FALLBACK_FIREWALL_BACKEND = "nftables" +FALLBACK_FIREWALL_BACKEND = "iptables" -- 2.16.4
