diff --git a/0002-RHEL-only-Default-to-StrictForwardPorts-yes.patch b/0002-RHEL-only-Default-to-StrictForwardPorts-yes.patch
deleted file mode 100644
index 7d0317c..0000000
--- a/0002-RHEL-only-Default-to-StrictForwardPorts-yes.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From d1828d7c5b17b5d152acc461123565f3a32d61ce Mon Sep 17 00:00:00 2001
-From: Eric Garver
-Date: Wed, 6 Nov 2024 11:08:14 -0500
-Subject: [PATCH] RHEL only: Default to StrictForwardPorts=yes
-
----
- config/firewalld.conf | 4 ++--
- src/firewall/config/__init__.py.in | 2 +-
- src/tests/functions.at | 4 ++++
- 3 files changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/config/firewalld.conf b/config/firewalld.conf
-index 800b255c77e0..93b85181c2be 100644
---- a/config/firewalld.conf
-+++ b/config/firewalld.conf
-@@ -94,8 +94,8 @@ RFC3964_IPv4=yes
- # allowed via firewalld.
- # If set to no, then docker (and podman) integrates seamlessly with firewalld.
- # Published container ports are implicitly allowed.
--# Defaults to "no".
--StrictForwardPorts=no
-+# Defaults to "yes".
-+StrictForwardPorts=yes
-
- # NftablesFlowtable
- # This may improve forwarded traffic throughput by enabling nftables flowtable.
-diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in
-index 4951d37cf80e..478bb7383d41 100644
---- a/src/firewall/config/__init__.py.in
-+++ b/src/firewall/config/__init__.py.in
-@@ -139,4 +139,4 @@ FALLBACK_ALLOW_ZONE_DRIFTING = False
- FALLBACK_NFTABLES_FLOWTABLE = "off"
- FALLBACK_NFTABLES_COUNTERS = False
- FALLBACK_NFTABLES_TABLE_OWNER = True
--FALLBACK_STRICT_FORWARD_PORTS = False
-+FALLBACK_STRICT_FORWARD_PORTS = True
-diff --git a/src/tests/functions.at b/src/tests/functions.at
-index 500756bdacdb..621f2f6f613c 100644
---- a/src/tests/functions.at
-+++ b/src/tests/functions.at
-@@ -141,6 +141,10 @@ m4_define([FWD_START_TEST], [
- AT_CHECK([if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi])
- fi
-
-+ dnl RHEL downstream changed the default value for this, but upstream tests
-+ dnl expect it to be "no".
-+ AT_CHECK([sed -i 's/^StrictForwardPorts.*/StrictForwardPorts=no/' ./firewalld.conf])
-+
- m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [
- AT_KEYWORDS(offline)
- dnl cockpit is added by default downstream, but upstream tests don't expect
---
-2.45.2
-
diff --git a/firewalld.spec b/firewalld.spec
index eacb20d..51f05e4 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -1,12 +1,11 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
 Version: 2.3.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 URL: http://www.firewalld.org
 License: GPL-2.0-or-later
 Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.bz2
 Patch1: 0001-RHEL-only-Add-cockpit-by-default-to-some-zones.patch
-Patch2: 0002-RHEL-only-Default-to-StrictForwardPorts-yes.patch
 BuildArch: noarch
 BuildRequires: autoconf
 BuildRequires: automake
@@ -254,6 +253,9 @@ end %{_mandir}/man1/firewall-config*.1* %changelog +* Wed Jan 15 2025 Eric Garver - 2.3.0-2 +- revert RHEL only patch to default StrictForwardPorts=yes + * Tue Nov 05 2024 Eric Garver - 2.3.0-1 - rebase package to v2.3.0
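Review bot: Dropping `Patch2` in the first firewalld.spec hunk returns the packaged default to `StrictForwardPorts=no`, and neither the spec nor the new changelog entry says why or what that means for users. Per the firewalld.conf comment quoted in the removed patch, with `no` published container ports are implicitly allowed, so hosts that relied on the 2.3.0-1 default lose that restriction unless they set the option themselves. I would extend the 2.3.0-2 changelog entry with a line such as `- StrictForwardPorts defaults to "no" again; set StrictForwardPorts=yes in firewalld.conf to require published container ports to be allowed explicitly`, plus the tracking reference if one exists. Whether an already-installed firewalld.conf keeps `yes` across the update depends on how the spec marks that file, which is not visible in these hunks.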