rpms/firewalld
5
0
Fork 0
Code Issues Pull Requests Releases Activity

remove obsolete patches

Browse Source
This commit is contained in:
Eric Garver 2018-03-19 15:31:35 -04:00
parent 7dbe008cf6
commit a86d697d59
6 changed files with 0 additions and 468 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

251
firewalld-0.4.0-ALREADY_ENABLED_RHBZ1309754.patch
View File

@ -1,251 +0,0 @@
From b81a595f83d269a56ef5e13105de5bfce392e187 Mon Sep 17 00:00:00 2001
From: Jiri Popelka <jpopelka@redhat.com>
Date: Mon, 22 Feb 2016 18:51:48 +0100
Subject: [PATCH] Revert "firewall.client: Raise ALREADY/NOT _ENABLED errors"
This reverts commit 14fecd41eb6be610179ff6e1b2534dd6171628be.
---
src/firewall/client.py | 69 +++-----------------------------------------------
1 file changed, 3 insertions(+), 66 deletions(-)
diff --git a/src/firewall/client.py b/src/firewall/client.py
index 65be20a..1d562da 100644
--- a/src/firewall/client.py
+++ b/src/firewall/client.py
@@ -29,7 +29,7 @@ import dbus.mainloop.glib
import slip.dbus
from firewall.config import *
-from firewall.errors import FirewallError, ALREADY_ENABLED, NOT_ENABLED
+from firewall.errors import FirewallError
from firewall.config.dbus import *
from firewall.core.base import DEFAULT_ZONE_TARGET
from firewall.dbus_utils import dbus_to_python
@@ -137,14 +137,10 @@ class FirewallClientZoneSettings(object):
def addService(self, service):
if service not in self.settings[5]:
self.settings[5].append(service)
- else:
- raise FirewallError(ALREADY_ENABLED, service)
@handle_exceptions
def removeService(self, service):
if service in self.settings[5]:
self.settings[5].remove(service)
- else:
- raise FirewallError(NOT_ENABLED, service)
@handle_exceptions
def queryService(self, service):
return service in self.settings[5]
@@ -159,14 +155,10 @@ class FirewallClientZoneSettings(object):
def addPort(self, port, protocol):
if (port,protocol) not in self.settings[6]:
self.settings[6].append((port,protocol))
- else:
- raise FirewallError(ALREADY_ENABLED, "'%s:%s'" % (port, protocol))
@handle_exceptions
def removePort(self, port, protocol):
if (port,protocol) in self.settings[6]:
self.settings[6].remove((port,protocol))
- else:
- raise FirewallError(NOT_ENABLED, "'%s:%s'" % (port, protocol))
@handle_exceptions
def queryPort(self, port, protocol):
return (port,protocol) in self.settings[6]
@@ -181,14 +173,10 @@ class FirewallClientZoneSettings(object):
def addProtocol(self, protocol):
if protocol not in self.settings[13]:
self.settings[13].append(protocol)
- else:
- raise FirewallError(ALREADY_ENABLED, protocol)
@handle_exceptions
def removeProtocol(self, protocol):
if protocol in self.settings[13]:
self.settings[13].remove(protocol)
- else:
- raise FirewallError(NOT_ENABLED, protocol)
@handle_exceptions
def queryProtocol(self, protocol):
return protocol in self.settings[13]
@@ -203,14 +191,10 @@ class FirewallClientZoneSettings(object):
def addIcmpBlock(self, icmptype):
if icmptype not in self.settings[7]:
self.settings[7].append(icmptype)
- else:
- raise FirewallError(ALREADY_ENABLED, icmptype)
@handle_exceptions
def removeIcmpBlock(self, icmptype):
if icmptype in self.settings[7]:
self.settings[7].remove(icmptype)
- else:
- raise FirewallError(NOT_ENABLED, icmptype)
@handle_exceptions
def queryIcmpBlock(self, icmptype):
return icmptype in self.settings[7]
@@ -236,9 +220,6 @@ class FirewallClientZoneSettings(object):
to_addr = ''
if (port,protocol,to_port,to_addr) not in self.settings[9]:
self.settings[9].append((port,protocol,to_port,to_addr))
- else:
- raise FirewallError(ALREADY_ENABLED, "'%s:%s:%s:%s'" % \
- (port, protocol, toport, toaddr))
@handle_exceptions
def removeForwardPort(self, port, protocol, to_port, to_addr):
if to_port is None:
@@ -247,9 +228,6 @@ class FirewallClientZoneSettings(object):
to_addr = ''
if (port,protocol,to_port,to_addr) in self.settings[9]:
self.settings[9].remove((port,protocol,to_port,to_addr))
- else:
- raise FirewallError(NOT_ENABLED, "'%s:%s:%s:%s'" % \
- (port, protocol, toport, toaddr))
@handle_exceptions
def queryForwardPort(self, port, protocol, to_port, to_addr):
if to_port is None:
@@ -268,14 +246,10 @@ class FirewallClientZoneSettings(object):
def addInterface(self, interface):
if interface not in self.settings[10]:
self.settings[10].append(interface)
- else:
- raise FirewallError(ALREADY_ENABLED, interface)
@handle_exceptions
def removeInterface(self, interface):
if interface in self.settings[10]:
self.settings[10].remove(interface)
- else:
- raise FirewallError(NOT_ENABLED, interface)
@handle_exceptions
def queryInterface(self, interface):
return interface in self.settings[10]
@@ -290,14 +264,10 @@ class FirewallClientZoneSettings(object):
def addSource(self, source):
if source not in self.settings[11]:
self.settings[11].append(source)
- else:
- raise FirewallError(ALREADY_ENABLED, source)
@handle_exceptions
def removeSource(self, source):
if source in self.settings[11]:
self.settings[11].remove(source)
- else:
- raise FirewallError(NOT_ENABLED, source)
@handle_exceptions
def querySource(self, source):
return source in self.settings[11]
@@ -314,15 +284,11 @@ class FirewallClientZoneSettings(object):
rule = str(Rich_Rule(rule_str=rule))
if rule not in self.settings[12]:
self.settings[12].append(rule)
- else:
- raise FirewallError(ALREADY_ENABLED, rule)
@handle_exceptions
def removeRichRule(self, rule):
rule = str(Rich_Rule(rule_str=rule))
if rule in self.settings[12]:
self.settings[12].remove(rule)
- else:
- raise FirewallError(NOT_ENABLED, rule)
@handle_exceptions
def queryRichRule(self, rule):
rule = str(Rich_Rule(rule_str=rule))
@@ -734,14 +700,10 @@ class FirewallClientServiceSettings(object):
def addPort(self, port, protocol):
if (port,protocol) not in self.settings[3]:
self.settings[3].append((port,protocol))
- else:
- raise FirewallError(ALREADY_ENABLED, "'%s:%s'" % (port, protocol))
@handle_exceptions
def removePort(self, port, protocol):
if (port,protocol) in self.settings[3]:
self.settings[3].remove((port,protocol))
- else:
- raise FirewallError(NOT_ENABLED, "'%s:%s'" % (port, protocol))
@handle_exceptions
def queryPort(self, port, protocol):
return (port,protocol) in self.settings[3]
@@ -756,14 +718,10 @@ class FirewallClientServiceSettings(object):
def addProtocol(self, protocol):
if protocol not in self.settings[6]:
self.settings[6].append(protocol)
- else:
- raise FirewallError(ALREADY_ENABLED, protocol)
@handle_exceptions
def removeProtocol(self, protocol):
if protocol in self.settings[6]:
self.settings[6].remove(protocol)
- else:
- raise FirewallError(NOT_ENABLED, protocol)
@handle_exceptions
def queryProtocol(self, protocol):
return protocol in self.settings[6]
@@ -778,14 +736,10 @@ class FirewallClientServiceSettings(object):
def addModule(self, module):
if module not in self.settings[4]:
self.settings[4].append(module)
- else:
- raise FirewallError(ALREADY_ENABLED, module)
@handle_exceptions
def removeModule(self, module):
if module in self.settings[4]:
self.settings[4].remove(module)
- else:
- raise FirewallError(NOT_ENABLED, module)
@handle_exceptions
def queryModule(self, module):
return module in self.settings[4]
@@ -798,18 +752,11 @@ class FirewallClientServiceSettings(object):
self.settings[5] = destinations
@handle_exceptions
def setDestination(self, dest_type, address):
- if not dest_type in self.settings[5] or \
- self.settings[5][dest_type] != address:
- self.settings[5][dest_type] = address
- else:
- raise FirewallError(ALREADY_ENABLED, "'%s:%s'" % \
- (dest_type, address))
+ self.settings[5][dest_type] = address
@handle_exceptions
def removeDestination(self, dest_type):
if dest_type in self.settings[5]:
del self.settings[5][dest_type]
- else:
- raise FirewallError(NOT_ENABLED, "'%s'" % dest_type)
@handle_exceptions
def queryDestination(self, dest_type, address):
return (dest_type in self.settings[5] and \
@@ -865,17 +812,11 @@ class FirewallClientIPSetSettings(object):
self.settings[4] = options
@handle_exceptions
def addOption(self, key, value):
- if not key in self.settings[4] or self.settings[4][key] != value:
- self.settings[4][key] = value
- else:
- raise FirewallError(ALREADY_ENABLED, "'%s=%s'" % (key,value)
- if value else key)
+ self.settings[4][key] = value
@handle_exceptions
def removeOption(self, key):
if key in self.settings[4]:
del self.settings[4][key]
- else:
- raise FirewallError(NOT_ENABLED, key)
@handle_exceptions
def queryOption(self, key, value):
return key in self.settings[4] and self.settings[4][key] == value
@@ -890,14 +831,10 @@ class FirewallClientIPSetSettings(object):
def addEntry(self, entry):
if entry not in self.settings[5]:
self.settings[5].append(entry)
- else:
- raise FirewallError(ALREADY_ENABLED, entry)
@handle_exceptions
def removeEntry(self, entry):
if entry in self.settings[5]:
self.settings[5].remove(entry)
- else:
- raise FirewallError(NOT_ENABLED, entry)
@handle_exceptions
def queryEntry(self, entry):
return entry in self.settings[5]
--
2.5.0

26
firewalld-0.4.0-tempdir_RHBZ1305175.patch
View File

@ -1,26 +0,0 @@
From 7c6b91b1c32fe502d1a6ffc3e29f09481bcf7ab1 Mon Sep 17 00:00:00 2001
From: Jiri Popelka <jpopelka@redhat.com>
Date: Mon, 8 Feb 2016 13:42:41 +0100
Subject: [PATCH 1/2] Make sure tempdir is created even in offline mode.
---
src/firewall/functions.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/firewall/functions.py b/src/firewall/functions.py
index 9b19139..6dbac26 100644
--- a/src/firewall/functions.py
+++ b/src/firewall/functions.py
@@ -265,6 +265,9 @@ def firewalld_is_active():
def tempFile():
try:
+ if not os.path.exists(FIREWALLD_TEMPDIR):
+ os.mkdir(FIREWALLD_TEMPDIR, 0o750)
+
return tempfile.NamedTemporaryFile(mode='wt', prefix="temp.",
dir=FIREWALLD_TEMPDIR, delete=False)
except Exception as msg:
--
2.5.0

13
firewalld-0.4.1-fr.patch
View File

@ -1,13 +0,0 @@
diff --git a/po/fr.po b/po/fr.po
index a46c590..9647a73 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -132,7 +132,7 @@ msgstr "Zone à protection active :"
#: ../src/firewall-applet:233 ../src/firewall-applet:246
msgid "Reset To Default"
-msgstr "Réinitialiser aux paramètres par défaut\n"
+msgstr "Réinitialiser aux paramètres par défaut"
#: ../src/firewall-applet:237
msgid "Shields Down Zone:"

91
firewalld-0.4.4.3-get_ipset_no_applied_check.patch
View File

@ -1,91 +0,0 @@
commit 7e7be5658c2b1a8aa130480ad8e1a7314c83bba9
Author: Thomas Woerner <twoerner@redhat.com>
Date: Wed Feb 15 11:11:40 2017 +0100
firewall.core.fw_ipset: get_ipset may not ckeck if set is applied by default
This breaks the ipset overloading from /etc/firewalld/ipsets.
Fixes: #206
diff --git a/src/firewall/core/fw_ipset.py b/src/firewall/core/fw_ipset.py
index bbbc8eb..952d122 100644
--- a/src/firewall/core/fw_ipset.py
+++ b/src/firewall/core/fw_ipset.py
@@ -55,10 +55,11 @@ class FirewallIPSet(object):
def has_ipsets(self):
return len(self._ipsets) > 0
- def get_ipset(self, name):
+ def get_ipset(self, name, applied=False):
self.check_ipset(name)
obj = self._ipsets[name]
- self.check_applied_obj(obj)
+ if applied:
+ self.check_applied_obj(obj)
return obj
def _error2warning(self, f, name, *args):
@@ -141,11 +142,11 @@ class FirewallIPSet(object):
# TYPE
def get_type(self, name):
- return self.get_ipset(name).type
+ return self.get_ipset(name, applied=True).type
# DIMENSION
def get_dimension(self, name):
- return len(self.get_ipset(name).type.split(","))
+ return len(self.get_ipset(name, applied=True).type.split(","))
# APPLIED
@@ -164,7 +165,7 @@ class FirewallIPSet(object):
# OPTIONS
def get_family(self, name):
- obj = self.get_ipset(name)
+ obj = self.get_ipset(name, applied=True)
if "family" in obj.options:
if obj.options["family"] == "inet6":
return "ipv6"
@@ -179,7 +180,7 @@ class FirewallIPSet(object):
pass
def add_entry(self, name, entry):
- obj = self.get_ipset(name)
+ obj = self.get_ipset(name, applied=True)
if "timeout" in obj.options and obj.options["timeout"] != "0":
# no entries visible for ipsets with timeout
raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
@@ -201,7 +202,7 @@ class FirewallIPSet(object):
obj.entries.append(entry)
def remove_entry(self, name, entry):
- obj = self.get_ipset(name)
+ obj = self.get_ipset(name, applied=True)
if "timeout" in obj.options and obj.options["timeout"] != "0":
# no entries visible for ipsets with timeout
raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
@@ -222,7 +223,7 @@ class FirewallIPSet(object):
obj.entries.remove(entry)
def query_entry(self, name, entry):
- obj = self.get_ipset(name)
+ obj = self.get_ipset(name, applied=True)
if "timeout" in obj.options and obj.options["timeout"] != "0":
# no entries visible for ipsets with timeout
raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
@@ -230,11 +231,11 @@ class FirewallIPSet(object):
return entry in obj.entries
def get_entries(self, name):
- obj = self.get_ipset(name)
+ obj = self.get_ipset(name, applied=True)
return obj.entries
def set_entries(self, name, entries):
- obj = self.get_ipset(name)
+ obj = self.get_ipset(name, applied=True)
if "timeout" in obj.options and obj.options["timeout"] != "0":
# no entries visible for ipsets with timeout
raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)

28
firewalld-0.4.4.5-ipv6_icmptype_only_rich_rule_fix-cf50bd0.patch
View File

@ -1,28 +0,0 @@
From cf50bd0004418abe1294f53b58387a181dfd2b51 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Thu, 8 Jun 2017 17:44:32 +0200
Subject: [PATCH] firewall.core.fw_zone: Rich-rule ICMP type: Error only for
conflicting family
Only raise error for an ICMP block in a rich-rule if a family has been
specified and conflicts with the ICMP destination.
Fixes: RHBZ#1459921
---
src/firewall/core/fw_zone.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index 4f3f18c0..f47222e4 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -1425,6 +1425,9 @@ def __rule_prepare(self, enable, zone, rule, mark_id, zone_transaction):
raise FirewallError(errors.INVALID_RULE,
"IcmpBlock not usable with accept action")
if ict.destination and ipv not in ict.destination:
+ if rule.family is None:
+ # Add for IPv4 or IPv6 depending on ict.destination
+ continue
raise FirewallError(
errors.INVALID_RULE,
"Icmp%s %s not usable with %s" % \

59
firewalld-0.4.4.5-rich_source_validation-d69b7cb.patch
View File

@ -1,59 +0,0 @@
From d69b7cb2724f041f257b90184a64e28a667ee7e9 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Thu, 8 Jun 2017 15:31:11 +0200
Subject: [PATCH] firewall.core.rich: Add checks for Rich_Source validation
A rich-rule source needs to either contain a IP address, a MAC address or an
ipset.
---
src/firewall/core/rich.py | 24 +++++++++++++++++-------
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/src/firewall/core/rich.py b/src/firewall/core/rich.py
index 3adcb4d9..04791da6 100644
--- a/src/firewall/core/rich.py
+++ b/src/firewall/core/rich.py
@@ -46,15 +46,21 @@ def __init__(self, addr, mac, ipset, invert=False):
if self.ipset == "":
self.ipset = None
self.invert = invert
+ if self.addr is None and self.mac is None and self.ipset is None:
+ raise FirewallError(errors.INVALID_RULE,
+ "no address, mac and ipset")
def __str__(self):
- if self.addr:
- x = ' address="%s"' % self.addr
- elif self.mac:
- x = ' mac="%s"' % self.mac
- elif self.ipset:
- x = ' ipset="%s"' % self.ipset
- return 'source%s%s' % (" NOT" if self.invert else "", x)
+ ret = 'source%s ' % (" NOT" if self.invert else "")
+ if self.addr is not None:
+ return ret + 'address="%s"' % self.addr
+ elif self.mac is not None:
+ return ret + 'mac="%s"' % self.mac
+ elif self.ipset is not None:
+ return ret + 'ipset="%s"' % self.ipset
+ else:
+ raise FirewallError(errors.INVALID_RULE,
+ "no address, mac and ipset")
class Rich_Destination(object):
def __init__(self, addr, invert=False):
@@ -542,10 +548,14 @@ def check(self):
raise FirewallError(errors.INVALID_FAMILY)
if self.source.mac is not None:
raise FirewallError(errors.INVALID_RULE, "address and mac")
+ if self.source.ipset is not None:
+ raise FirewallError(errors.INVALID_RULE, "address and ipset")
if not functions.check_address(self.family, self.source.addr):
raise FirewallError(errors.INVALID_ADDR, str(self.source.addr))
elif self.source.mac is not None:
+ if self.source.ipset is not None:
+ raise FirewallError(errors.INVALID_RULE, "mac and ipset")
if not functions.check_mac(self.source.mac):
raise FirewallError(errors.INVALID_MAC, str(self.source.mac))