Hello community,
here is the log from the commit of package susefirewall2-to-firewalld for
openSUSE:Factory checked in at 2018-11-13 16:58:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/susefirewall2-to-firewalld (Old)
and /work/SRC/openSUSE:Factory/.susefirewall2-to-firewalld.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "susefirewall2-to-firewalld"
Tue Nov 13 16:58:02 2018 rev:4 rq:648407 version:0.0.4
Changes:
--------
---
/work/SRC/openSUSE:Factory/susefirewall2-to-firewalld/susefirewall2-to-firewalld.changes
2018-06-02 12:12:44.326690363 +0200
+++
/work/SRC/openSUSE:Factory/.susefirewall2-to-firewalld.new/susefirewall2-to-firewalld.changes
2018-11-13 17:50:07.895579601 +0100
@@ -1,0 +2,7 @@
+Mon Nov 12 08:28:17 UTC 2018 - Markos Chandras <[email protected]>
+
+- Version bump to 0.0.4
+ * Add input and forward zone to the known ones (bsc#1115001)
+ * Stop guessing firewall service from port/proto
+
+-------------------------------------------------------------------
@@ -6 +13 @@
- * Handle source whitelisting (gh#openSUSE/susefirewall2-to-firewalld#2)
+ * Handle source whitelisting (gh#openSUSE/susefirewall2-to-firewalld#2,
bsc#1105157)
Old:
----
susefirewall2-to-firewalld-0.0.3.tar.gz
New:
----
susefirewall2-to-firewalld-0.0.4.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ susefirewall2-to-firewalld.spec ++++++
--- /var/tmp/diff_new_pack.wYFFUM/_old 2018-11-13 17:50:08.247579110 +0100
+++ /var/tmp/diff_new_pack.wYFFUM/_new 2018-11-13 17:50:08.251579104 +0100
@@ -12,12 +12,12 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: susefirewall2-to-firewalld
-Version: 0.0.3
+Version: 0.0.4
Release: 0
Summary: Basic SuSEfirewall2 to FirewallD migration script
License: GPL-2.0-or-later
++++++ susefirewall2-to-firewalld-0.0.3.tar.gz ->
susefirewall2-to-firewalld-0.0.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/susefirewall2-to-firewalld-susefirewall2-to-firewalld-0.0.3/susefirewall2-to-firewalld
new/susefirewall2-to-firewalld-susefirewall2-to-firewalld-0.0.4/susefirewall2-to-firewalld
---
old/susefirewall2-to-firewalld-susefirewall2-to-firewalld-0.0.3/susefirewall2-to-firewalld
2018-05-30 11:45:14.000000000 +0200
+++
new/susefirewall2-to-firewalld-susefirewall2-to-firewalld-0.0.4/susefirewall2-to-firewalld
2018-11-12 09:25:47.000000000 +0100
@@ -64,7 +64,7 @@
if git describe --always --tags --abbrev > /dev/null 2>&1; then
VERSION="git$(git describe --always --tags --abbrev)"
else
- VERSION="0.0.3"
+ VERSION="0.0.4"
fi
#
@@ -353,7 +353,7 @@
firewalld_known_chain() {
local chain
- for chain in ${!chain_mappings[@]}; do
+ for chain in ${!chain_mappings[@]} INPUT FORWARD; do
[[ ${1} == ${chain} ]] && return 0
done
return 1
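Review bot: In the loop of firewalld_known_chain, the right-hand side of `[[ ${1} == ${chain} ]]` is unquoted, so bash matches it as a glob pattern rather than a literal string, and the unquoted `${!chain_mappings[@]}` is open to word splitting and pathname expansion. Because this function decides which chains count as known, a literal comparison is the safer form: `for chain in "${!chain_mappings[@]}" INPUT FORWARD; do` and `[[ ${1} == "${chain}" ]] && return 0`. The two hard-coded names also deserve a short comment, for example `# INPUT and FORWARD are accepted even without a chain_mappings entry (bsc#1115001)`. The function's closing brace lies outside the hunk.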
@@ -410,56 +410,15 @@
firewalld_services() {
local found protocol ports service zone
- #
- # firewalld directories to look for zones, services etc.
- # FIXME: we may also want to use rpm information to retrieve these
- # directories since spec files might change and install things into
- # different places.
- #
- declare -r -a FIREWALLD_INSTALL_DIRS=("/usr/lib/firewalld"
"/etc/firewalld")
-
for zone in ${!zone_mappings[@]}; do
for service in ${service_to_zone[$zone]}; do
protocol=${service%%_*}
ports=${service##*_}
- found=false
- for service_dir in ${FIREWALLD_INSTALL_DIRS[@]}; do
- [[ ! -d ${service_dir} ]] && continue
- #
- # We assume that only one service uses the said
- # ports. If not, then something else needs to be done
- # here (but what?). I am fairly sure this ugly thing can be
- # simplified a little bit but XML parsing in bash
- # is not pretty anyway.
- #
- service=$(grep -E "<port.* protocol=\"?${protocol}\"?" \
- ${service_dir}/services/* 2>/dev/null | \
- grep -E "<port.* port=\"?${ports}\"?[^0-9]" | \
- cut -d ":" -f 1 | rev | cut -d "/" -f 1 | rev | \
- sed "s/\.xml//" | head -n 1)
- [[ -n ${service} ]] && found=true && break
- done
- if [[ ${found} == true ]]; then
- if firewall-cmd -q --zone=${zone_mappings[$zone]}
--query-service=${service}; then
- continue
- fi
- info "Enabling service=\"${service}\" to
zone=\"${zone_mappings[${zone}]}\""
- do_fwd_cmd --zone=${zone_mappings[${zone}]}
--add-service=${service}
- fi
-
- if [[ ${found} == false ]]; then
- if firewall-cmd -q --zone=${zone_mappings[${zone}]}
--query-port="${ports}/${protocol}"; then
- continue
- fi
- warn ""
- warn "There is no firewalld service with protocol=$protocol
and ports=${ports}"
- warn "Consider creating one yourself and place it in
/etc/firewalld/services/"
- warn "or file a bug upstream if this is a well-known service."
- warn ""
-
- info "Adding port(s)=\"${ports}/${protocol}\" to
zone=\"${zone_mappings[${zone}]}\""
- do_fwd_cmd --zone=${zone_mappings[${zone}]}
--add-port="${ports}/${protocol}"
+ if firewall-cmd -q --zone=${zone_mappings[${zone}]}
--query-port="${ports}/${protocol}"; then
+ continue
fi
+ info "Adding port(s)=\"${ports}/${protocol}\" to
zone=\"${zone_mappings[${zone}]}\""
+ do_fwd_cmd --zone=${zone_mappings[${zone}]}
--add-port="${ports}/${protocol}"
done
for service in ${known_service_to_zone[$zone]}; do
info "Enabling service=\"${service}\" to
zone=\"${zone_mappings[${zone}]}\""
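Review bot: The new port path in firewalld_services passes `${ports}/${protocol}` to `--query-port` and `--add-port` without checking that the entry has the `protocol_ports` shape; an entry with no `_` makes both `${service%%_*}` and `${service##*_}` expand to the whole string. Now that this is the only path for these entries, a guard before the query would keep malformed values out of the firewall commands, e.g. `[[ ${service} == *_* ]] || { warn "Skipping malformed entry: ${service}"; continue; }` (assuming `warn` is still defined, as the removed lines used it). The zone argument should also be quoted, `--zone="${zone_mappings[${zone}]}"`, and `found` in the `local` line appears to be unused after this change. The function continues past the end of the hunk.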