rebase to v2.3.0
Resolves: RHEL-65865
parent
f7a701f6f9
commit
61999733ad
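--- a/.gitignore
+++ b/.gitignore
@@ -81,3 +81,4 @@
 /firewalld-2.1.2.tar.bz2
 /firewalld-2.2.0.tar.bz2
 /firewalld-2.2.1.tar.bz2
+/firewalld-2.3.0.tar.bz2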
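--- /dev/null
+++ b/0002-RHEL-only-Default-to-StrictForwardPorts-yes.patch
@@ -0,0 +1,54 @@
+From d1828d7c5b17b5d152acc461123565f3a32d61ce Mon Sep 17 00:00:00 2001
+From: Eric Garver <egarver@redhat.com>
+Date: Wed, 6 Nov 2024 11:08:14 -0500
+Subject: [PATCH] RHEL only: Default to StrictForwardPorts=yes
+
+---
+config/firewalld.conf | 4 ++--
+src/firewall/config/__init__.py.in | 2 +-
+src/tests/functions.at | 4 ++++
+3 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/config/firewalld.conf b/config/firewalld.conf
+index 800b255c77e0..93b85181c2be 100644
+--- a/config/firewalld.conf
++++ b/config/firewalld.conf
+@@ -94,8 +94,8 @@ RFC3964_IPv4=yes
+# allowed via firewalld.
+# If set to no, then docker (and podman) integrates seamlessly with firewalld.
+# Published container ports are implicitly allowed.
+-# Defaults to "no".
+-StrictForwardPorts=no
++# Defaults to "yes".
++StrictForwardPorts=yes
+
+# NftablesFlowtable
+# This may improve forwarded traffic throughput by enabling nftables flowtable.
+diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in
+index 4951d37cf80e..478bb7383d41 100644
+--- a/src/firewall/config/__init__.py.in
++++ b/src/firewall/config/__init__.py.in
+@@ -139,4 +139,4 @@ FALLBACK_ALLOW_ZONE_DRIFTING = False
+FALLBACK_NFTABLES_FLOWTABLE = "off"
+FALLBACK_NFTABLES_COUNTERS = False
+FALLBACK_NFTABLES_TABLE_OWNER = True
+-FALLBACK_STRICT_FORWARD_PORTS = False
++FALLBACK_STRICT_FORWARD_PORTS = True
+diff --git a/src/tests/functions.at b/src/tests/functions.at
+index 500756bdacdb..621f2f6f613c 100644
+--- a/src/tests/functions.at
++++ b/src/tests/functions.at
+@@ -141,6 +141,10 @@ m4_define([FWD_START_TEST], [
+AT_CHECK([if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi])
+fi
+
++ dnl RHEL downstream changed the default value for this, but upstream tests
++ dnl expect it to be "no".
++ AT_CHECK([sed -i 's/^StrictForwardPorts.*/StrictForwardPorts=no/' ./firewalld.conf])
++
+m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [
+AT_KEYWORDS(offline)
+dnl cockpit is added by default downstream, but upstream tests don't expect
+--
+2.45.2
+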
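Review bot: The `sed -i 's/^StrictForwardPorts.*/StrictForwardPorts=no/'` added to FWD_START_TEST in src/tests/functions.at only rewrites an existing line, so if the copied ./firewalld.conf has no StrictForwardPorts key the command succeeds without changing anything and the daemon presumably falls back to `FALLBACK_STRICT_FORWARD_PORTS = True`, running the upstream tests in strict mode. Appending the key when it is absent would make the override unconditional, for example `AT_CHECK([grep -q '^StrictForwardPorts' ./firewalld.conf || echo 'StrictForwardPorts=no' >> ./firewalld.conf])` directly after the sed. Because every test is forced back to "no", nothing visible in this patch exercises the new shipped default; a downstream test that a published container port stays blocked until it is forwarded through firewalld would cover the hardening itself. The flipped fallback would also seem to apply to upgraded hosts whose existing firewalld.conf lacks the key, so published container ports stop being implicitly allowed on update, and the 2.3.0-1 %changelog entry does not mention this. FWD_START_TEST's body starts and ends outside the hunk.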
@ -1,11 +1,12 @@
|
|||||||
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
|
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
|
||||||
Name: firewalld
|
Name: firewalld
|
||||||
Version: 2.2.1
|
Version: 2.3.0
|
||||||
Release: 2%{?dist}
|
Release: 1%{?dist}
|
||||||
URL: http://www.firewalld.org
|
URL: http://www.firewalld.org
|
||||||
License: GPL-2.0-or-later
|
License: GPL-2.0-or-later
|
||||||
Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.bz2
|
Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.bz2
|
||||||
Patch0: 0001-RHEL-only-Add-cockpit-by-default-to-some-zones.patch
|
Patch1: 0001-RHEL-only-Add-cockpit-by-default-to-some-zones.patch
|
||||||
|
Patch2: 0002-RHEL-only-Default-to-StrictForwardPorts-yes.patch
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
@ -253,6 +254,9 @@ end
|
|||||||
%{_mandir}/man1/firewall-config*.1*
|
%{_mandir}/man1/firewall-config*.1*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Nov 05 2024 Eric Garver <egarver@redhat.com> - 2.3.0-1
|
||||||
|
- rebase package to v2.3.0
|
||||||
|
|
||||||
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.2.1-2
|
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.2.1-2
|
||||||
- Bump release for October 2024 mass rebuild:
|
- Bump release for October 2024 mass rebuild:
|
||||||
Resolves: RHEL-64018
|
Resolves: RHEL-64018
|
||||||
|
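--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (firewalld-2.2.1.tar.bz2) = 08117be01a25a8e263cf419d7b01a98c80b53108af68f6cfc1d900692e6124c37b9dd6feaf4bc3c6e3f27958a9ee45b9795c7f5a9250eb644b6e903f97672c8a
+SHA512 (firewalld-2.3.0.tar.bz2) = 9a0fe1098c8bbb63bc4af04f56b7810d3d4e94be4247574daba64fb7a344488053f80426b7422c3a4620a54fee69a4264e1b0d66580757aac29aa65d723007c5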