NetworkManager/0001-firewall-Fedora-patch-to-default-to-iptables-backend.patch

From 35fa1c22b6b6f89fd74f31186ec92ec70ed34af2 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 16 Jun 2021 22:43:32 +0200
Subject: [PATCH 1/1] firewall: Fedora patch to default to iptables backend

Currently, SELinux prevents NetworkManager talking to `nft -f -` (rh #1972911).
Until that is resolved, apply a downstream patch to default to "iptables" backend.

https://bugzilla.redhat.com/show_bug.cgi?id=1972911
---
 src/core/nm-firewall-utils.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/core/nm-firewall-utils.c b/src/core/nm-firewall-utils.c
index 3f2251569fa0..f2712f3d72ab 100644
--- a/src/core/nm-firewall-utils.c
+++ b/src/core/nm-firewall-utils.c
@@ -744,12 +744,9 @@ nm_firewall_config_apply(NMFirewallConfig *self, gboolean shared)
 static NMFirewallBackend
 _firewall_backend_detect(void)
 {
-    if (g_file_test(NFT_PATH, G_FILE_TEST_IS_EXECUTABLE))
-        return NM_FIREWALL_BACKEND_NFTABLES;
-    if (g_file_test(IPTABLES_PATH, G_FILE_TEST_IS_EXECUTABLE))
-        return NM_FIREWALL_BACKEND_IPTABLES;
-
-    return NM_FIREWALL_BACKEND_NFTABLES;
+    /* Currently, SELinux prevents NetworkManager talking to `nft -f -` (rh ##1972911).
+     * Until that is resolved, apply a downstream patch to default to "iptables" backend. */
+    return NM_FIREWALL_BACKEND_IPTABLES;
 }
 
 NMFirewallBackend
-- 
2.31.1
update to 1.32.0 release 2021-06-16 18:46:11 +00:00			`From 35fa1c22b6b6f89fd74f31186ec92ec70ed34af2 Mon Sep 17 00:00:00 2001`
			`From: Thomas Haller <thaller@redhat.com>`
			`Date: Wed, 16 Jun 2021 22:43:32 +0200`
			`Subject: [PATCH 1/1] firewall: Fedora patch to default to iptables backend`

			Currently, SELinux prevents NetworkManager talking to `nft -f -` (rh #1972911).
			`Until that is resolved, apply a downstream patch to default to "iptables" backend.`

			`https://bugzilla.redhat.com/show_bug.cgi?id=1972911`
			`---`
			`src/core/nm-firewall-utils.c \| 9 +++------`
			`1 file changed, 3 insertions(+), 6 deletions(-)`

			`diff --git a/src/core/nm-firewall-utils.c b/src/core/nm-firewall-utils.c`
			`index 3f2251569fa0..f2712f3d72ab 100644`
			`--- a/src/core/nm-firewall-utils.c`
			`+++ b/src/core/nm-firewall-utils.c`
			`@@ -744,12 +744,9 @@ nm_firewall_config_apply(NMFirewallConfig *self, gboolean shared)`
			`static NMFirewallBackend`
			`_firewall_backend_detect(void)`
			`{`
			`- if (g_file_test(NFT_PATH, G_FILE_TEST_IS_EXECUTABLE))`
			`- return NM_FIREWALL_BACKEND_NFTABLES;`
			`- if (g_file_test(IPTABLES_PATH, G_FILE_TEST_IS_EXECUTABLE))`
			`- return NM_FIREWALL_BACKEND_IPTABLES;`
			`-`
			`- return NM_FIREWALL_BACKEND_NFTABLES;`
			+ /* Currently, SELinux prevents NetworkManager talking to `nft -f -` (rh ##1972911).
			`+ * Until that is resolved, apply a downstream patch to default to "iptables" backend. */`
			`+ return NM_FIREWALL_BACKEND_IPTABLES;`
			`}`

			`NMFirewallBackend`
			`--`
			`2.31.1`