import firewalld-0.8.2-1.el8
parent
473bc21d2d
commit
b4b2120af0
@ -1 +1 @@
|
||||
e558ccbfd8a0e08d9339cf1506d8856d3533ed82 SOURCES/firewalld-0.8.0.tar.gz
|
||||
785c4062248b95a85ddc023eba075b66109e254b SOURCES/firewalld-0.8.2.tar.gz
|
||||
|
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/firewalld-0.8.0.tar.gz
|
||||
SOURCES/firewalld-0.8.2.tar.gz
|
||||
|
@ -1,7 +1,7 @@
|
||||
From aaba32dd922c84662521754952e5a50198dd8625 Mon Sep 17 00:00:00 2001
|
||||
From 52d53cc4ab0503ad484330b2121f85094a7903de Mon Sep 17 00:00:00 2001
|
||||
From: Eric Garver <e@erig.me>
|
||||
Date: Mon, 9 Jul 2018 11:29:33 -0400
|
||||
Subject: [PATCH] Add cockpit by default to some zones
|
||||
Subject: [PATCH 1/6] RHEL only: Add cockpit by default to some zones
|
||||
|
||||
Fixes: #1581578
|
||||
---
|
||||
@ -9,9 +9,9 @@ Fixes: #1581578
|
||||
config/zones/internal.xml | 1 +
|
||||
config/zones/public.xml | 1 +
|
||||
config/zones/work.xml | 1 +
|
||||
src/tests/cli/firewall-cmd.at | 14 +++++++++++++-
|
||||
src/tests/features/helpers_custom.at | 9 +++++++++
|
||||
src/tests/features/service_include.at | 2 +-
|
||||
src/tests/firewall-cmd.at | 14 +++++++++++++-
|
||||
src/tests/regression/gh366.at | 3 +++
|
||||
src/tests/regression/gh453.at | 2 ++
|
||||
src/tests/regression/rhbz1514043.at | 2 +-
|
||||
@ -57,100 +57,11 @@ index 6ea5550a40bd..9609ee6f65c2 100644
|
||||
<service name="dhcpv6-client"/>
|
||||
+ <service name="cockpit"/>
|
||||
</zone>
|
||||
diff --git a/src/tests/features/helpers_custom.at b/src/tests/features/helpers_custom.at
|
||||
index c65f067a06ec..263185c88724 100644
|
||||
--- a/src/tests/features/helpers_custom.at
|
||||
+++ b/src/tests/features/helpers_custom.at
|
||||
@@ -17,6 +17,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
|
||||
chain filter_IN_public_allow {
|
||||
tcp dport 22 ct state new,untracked accept
|
||||
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
||||
+ tcp dport 9090 ct state new,untracked accept
|
||||
tcp dport 2121 ct helper set "helper-ftptest-tcp"
|
||||
tcp dport 2121 ct state new,untracked accept
|
||||
}
|
||||
@@ -27,6 +28,7 @@ IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
||||
])
|
||||
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
||||
])
|
||||
IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
||||
@@ -35,6 +37,7 @@ IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
||||
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
||||
])
|
||||
|
||||
@@ -51,6 +54,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
|
||||
chain filter_IN_public_allow {
|
||||
tcp dport 22 ct state new,untracked accept
|
||||
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
||||
+ tcp dport 9090 ct state new,untracked accept
|
||||
tcp dport 2121 ct helper set "helper-ftptest-tcp"
|
||||
tcp dport 2121 ct state new,untracked accept
|
||||
}
|
||||
@@ -61,6 +65,7 @@ IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
||||
])
|
||||
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
||||
])
|
||||
IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
||||
@@ -69,6 +74,7 @@ IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
||||
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
||||
])
|
||||
|
||||
@@ -86,6 +92,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
|
||||
chain filter_IN_public_allow {
|
||||
tcp dport 22 ct state new,untracked accept
|
||||
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
||||
+ tcp dport 9090 ct state new,untracked accept
|
||||
tcp dport 21 ct helper set "helper-ftp-tcp"
|
||||
tcp dport 2121 ct helper set "helper-ftptest-tcp"
|
||||
tcp dport 2121 ct state new,untracked accept
|
||||
@@ -99,6 +106,7 @@ IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
||||
])
|
||||
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED
|
||||
])
|
||||
@@ -109,6 +117,7 @@ IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
||||
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:21 ctstate NEW,UNTRACKED
|
||||
])
|
||||
diff --git a/src/tests/features/service_include.at b/src/tests/features/service_include.at
|
||||
index 219d5b42767b..0bf59f63b81b 100644
|
||||
--- a/src/tests/features/service_include.at
|
||||
+++ b/src/tests/features/service_include.at
|
||||
@@ -117,7 +117,7 @@ FWD_CHECK([--zone=drop --list-services], 0, [dnl
|
||||
|
||||
])
|
||||
FWD_CHECK([--zone=public --list-services], 0, [dnl
|
||||
-dhcpv6-client ssh
|
||||
+cockpit dhcpv6-client ssh
|
||||
])
|
||||
FWD_CHECK([-q --permanent --service=my-service-with-include --remove-include=does-not-exist])
|
||||
FWD_RELOAD
|
||||
diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at
|
||||
index 0e0d3938da0a..540bdb8b1065 100644
|
||||
--- a/src/tests/firewall-cmd.at
|
||||
+++ b/src/tests/firewall-cmd.at
|
||||
@@ -1144,6 +1144,7 @@ FWD_START_TEST([rich rules priority])
|
||||
diff --git a/src/tests/cli/firewall-cmd.at b/src/tests/cli/firewall-cmd.at
|
||||
index 806af74221b6..74f480f8730f 100644
|
||||
--- a/src/tests/cli/firewall-cmd.at
|
||||
+++ b/src/tests/cli/firewall-cmd.at
|
||||
@@ -1285,6 +1285,7 @@ FWD_START_TEST([rich rules priority])
|
||||
chain filter_IN_public_allow {
|
||||
tcp dport 22 ct state new,untracked accept
|
||||
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
||||
@ -158,7 +69,7 @@ index 0e0d3938da0a..540bdb8b1065 100644
|
||||
tcp dport 1122 ct state new,untracked accept
|
||||
tcp dport 3333 ct state new,untracked accept
|
||||
tcp dport 4444 ct state new,untracked accept
|
||||
@@ -1159,6 +1160,7 @@ FWD_START_TEST([rich rules priority])
|
||||
@@ -1300,6 +1301,7 @@ FWD_START_TEST([rich rules priority])
|
||||
])
|
||||
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
@ -166,7 +77,7 @@ index 0e0d3938da0a..540bdb8b1065 100644
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1122 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3333 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4444 ctstate NEW,UNTRACKED
|
||||
@@ -1173,6 +1175,7 @@ FWD_START_TEST([rich rules priority])
|
||||
@@ -1314,6 +1316,7 @@ FWD_START_TEST([rich rules priority])
|
||||
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
||||
@ -174,7 +85,7 @@ index 0e0d3938da0a..540bdb8b1065 100644
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:1122 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:3333 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:4444 ctstate NEW,UNTRACKED
|
||||
@@ -1254,6 +1257,7 @@ FWD_START_TEST([rich rules priority])
|
||||
@@ -1395,6 +1398,7 @@ FWD_START_TEST([rich rules priority])
|
||||
chain filter_IN_public_allow {
|
||||
tcp dport 22 ct state new,untracked accept
|
||||
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
||||
@ -182,7 +93,7 @@ index 0e0d3938da0a..540bdb8b1065 100644
|
||||
}
|
||||
}
|
||||
])
|
||||
@@ -1357,6 +1361,7 @@ FWD_START_TEST([rich rules priority])
|
||||
@@ -1498,6 +1502,7 @@ FWD_START_TEST([rich rules priority])
|
||||
])
|
||||
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
@ -190,7 +101,7 @@ index 0e0d3938da0a..540bdb8b1065 100644
|
||||
])
|
||||
IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl
|
||||
])
|
||||
@@ -1391,6 +1396,7 @@ FWD_START_TEST([rich rules priority])
|
||||
@@ -1532,6 +1537,7 @@ FWD_START_TEST([rich rules priority])
|
||||
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
||||
@ -198,7 +109,7 @@ index 0e0d3938da0a..540bdb8b1065 100644
|
||||
])
|
||||
IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl
|
||||
])
|
||||
@@ -1438,6 +1444,7 @@ FWD_START_TEST([rich rules priority])
|
||||
@@ -1579,6 +1585,7 @@ FWD_START_TEST([rich rules priority])
|
||||
chain filter_IN_public_allow {
|
||||
tcp dport 22 ct state new,untracked accept
|
||||
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
||||
@ -206,7 +117,7 @@ index 0e0d3938da0a..540bdb8b1065 100644
|
||||
icmp type echo-request accept
|
||||
icmpv6 type echo-request accept
|
||||
}
|
||||
@@ -1478,6 +1485,7 @@ FWD_START_TEST([rich rules priority])
|
||||
@@ -1619,6 +1626,7 @@ FWD_START_TEST([rich rules priority])
|
||||
])
|
||||
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
@ -214,7 +125,7 @@ index 0e0d3938da0a..540bdb8b1065 100644
|
||||
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
|
||||
])
|
||||
IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl
|
||||
@@ -1500,6 +1508,7 @@ FWD_START_TEST([rich rules priority])
|
||||
@@ -1641,6 +1649,7 @@ FWD_START_TEST([rich rules priority])
|
||||
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
||||
@ -222,7 +133,7 @@ index 0e0d3938da0a..540bdb8b1065 100644
|
||||
ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128
|
||||
])
|
||||
IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl
|
||||
@@ -1556,6 +1565,7 @@ FWD_START_TEST([rich rules priority])
|
||||
@@ -1697,6 +1706,7 @@ FWD_START_TEST([rich rules priority])
|
||||
chain filter_IN_public_allow {
|
||||
tcp dport 22 ct state new,untracked accept
|
||||
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
||||
@ -230,7 +141,7 @@ index 0e0d3938da0a..540bdb8b1065 100644
|
||||
}
|
||||
}
|
||||
])
|
||||
@@ -1593,6 +1603,7 @@ FWD_START_TEST([rich rules priority])
|
||||
@@ -1734,6 +1744,7 @@ FWD_START_TEST([rich rules priority])
|
||||
])
|
||||
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
@ -238,7 +149,7 @@ index 0e0d3938da0a..540bdb8b1065 100644
|
||||
])
|
||||
IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl
|
||||
])
|
||||
@@ -1613,6 +1624,7 @@ FWD_START_TEST([rich rules priority])
|
||||
@@ -1754,6 +1765,7 @@ FWD_START_TEST([rich rules priority])
|
||||
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
||||
@ -246,7 +157,7 @@ index 0e0d3938da0a..540bdb8b1065 100644
|
||||
])
|
||||
IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl
|
||||
])
|
||||
@@ -1638,7 +1650,7 @@ FWD_START_TEST([rich rules priority])
|
||||
@@ -1779,7 +1791,7 @@ FWD_START_TEST([rich rules priority])
|
||||
icmp-block-inversion: no
|
||||
interfaces:
|
||||
sources:
|
||||
@ -255,6 +166,95 @@ index 0e0d3938da0a..540bdb8b1065 100644
|
||||
ports:
|
||||
protocols:
|
||||
masquerade: no
|
||||
diff --git a/src/tests/features/helpers_custom.at b/src/tests/features/helpers_custom.at
|
||||
index 41d0f17b1d9e..bd4b52cfb1d6 100644
|
||||
--- a/src/tests/features/helpers_custom.at
|
||||
+++ b/src/tests/features/helpers_custom.at
|
||||
@@ -37,6 +37,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
|
||||
chain filter_IN_public_allow {
|
||||
tcp dport 22 ct state new,untracked accept
|
||||
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
||||
+ tcp dport 9090 ct state new,untracked accept
|
||||
tcp dport 2121 ct helper set "helper-ftptest-tcp"
|
||||
tcp dport 2121 ct state new,untracked accept
|
||||
}
|
||||
@@ -47,6 +48,7 @@ IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
||||
])
|
||||
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
||||
])
|
||||
IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
||||
@@ -55,6 +57,7 @@ IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
||||
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
||||
])
|
||||
|
||||
@@ -91,6 +94,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
|
||||
chain filter_IN_public_allow {
|
||||
tcp dport 22 ct state new,untracked accept
|
||||
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
||||
+ tcp dport 9090 ct state new,untracked accept
|
||||
tcp dport 2121 ct helper set "helper-ftptest-tcp"
|
||||
tcp dport 2121 ct state new,untracked accept
|
||||
}
|
||||
@@ -101,6 +105,7 @@ IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
||||
])
|
||||
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
||||
])
|
||||
IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
||||
@@ -109,6 +114,7 @@ IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
||||
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
||||
])
|
||||
|
||||
@@ -126,6 +132,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
|
||||
chain filter_IN_public_allow {
|
||||
tcp dport 22 ct state new,untracked accept
|
||||
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
||||
+ tcp dport 9090 ct state new,untracked accept
|
||||
tcp dport 21 ct helper set "helper-ftp-tcp"
|
||||
tcp dport 2121 ct helper set "helper-ftptest-tcp"
|
||||
tcp dport 2121 ct state new,untracked accept
|
||||
@@ -139,6 +146,7 @@ IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
||||
])
|
||||
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED
|
||||
])
|
||||
@@ -149,6 +157,7 @@ IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
||||
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp ::/0 ::/0 tcp dpt:21 ctstate NEW,UNTRACKED
|
||||
])
|
||||
diff --git a/src/tests/features/service_include.at b/src/tests/features/service_include.at
|
||||
index 7f02701a9419..070f1578fc2b 100644
|
||||
--- a/src/tests/features/service_include.at
|
||||
+++ b/src/tests/features/service_include.at
|
||||
@@ -120,7 +120,7 @@ FWD_CHECK([--zone=drop --list-services], 0, [dnl
|
||||
|
||||
])
|
||||
FWD_CHECK([--zone=public --list-services], 0, [dnl
|
||||
-dhcpv6-client ssh
|
||||
+cockpit dhcpv6-client ssh
|
||||
])
|
||||
FWD_CHECK([-q --permanent --service=my-service-with-include --remove-include=does-not-exist])
|
||||
FWD_RELOAD
|
||||
diff --git a/src/tests/regression/gh366.at b/src/tests/regression/gh366.at
|
||||
index 1441a6be53bf..51ff504e6a9d 100644
|
||||
--- a/src/tests/regression/gh366.at
|
||||
@ -282,25 +282,25 @@ index 1441a6be53bf..51ff504e6a9d 100644
|
||||
])])
|
||||
|
||||
diff --git a/src/tests/regression/gh453.at b/src/tests/regression/gh453.at
|
||||
index f57a79dcf9a2..6d820fce840a 100644
|
||||
index 36a6fce5f22a..61bc90aae673 100644
|
||||
--- a/src/tests/regression/gh453.at
|
||||
+++ b/src/tests/regression/gh453.at
|
||||
@@ -18,6 +18,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
|
||||
chain filter_IN_public_allow {
|
||||
tcp dport 22 ct state new,untracked accept
|
||||
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
||||
+ tcp dport 9090 ct state new,untracked accept
|
||||
tcp dport 21 ct helper set "helper-ftp-tcp"
|
||||
tcp dport 21 ct state new,untracked accept
|
||||
}
|
||||
chain filter_IN_public_allow {
|
||||
tcp dport 22 ct state new,untracked accept
|
||||
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
||||
+ tcp dport 9090 ct state new,untracked accept
|
||||
tcp dport 21 ct helper set "helper-ftp-tcp"
|
||||
tcp dport 21 ct state new,untracked accept
|
||||
}
|
||||
@@ -42,6 +43,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
|
||||
chain filter_IN_public_allow {
|
||||
tcp dport 22 ct state new,untracked accept
|
||||
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
||||
+ tcp dport 9090 ct state new,untracked accept
|
||||
tcp dport 21 ct helper set "helper-ftp-tcp"
|
||||
tcp dport 21 ct state new,untracked accept
|
||||
tcp dport 5060 ct helper set "helper-sip-tcp"
|
||||
chain filter_IN_public_allow {
|
||||
tcp dport 22 ct state new,untracked accept
|
||||
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
||||
+ tcp dport 9090 ct state new,untracked accept
|
||||
tcp dport 21 ct helper set "helper-ftp-tcp"
|
||||
tcp dport 21 ct state new,untracked accept
|
||||
tcp dport 5060 ct helper set "helper-sip-tcp"
|
||||
diff --git a/src/tests/regression/rhbz1514043.at b/src/tests/regression/rhbz1514043.at
|
||||
index efc33e09478b..241cf547f7f3 100644
|
||||
--- a/src/tests/regression/rhbz1514043.at
|
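Review bot: The carried patch still has no message body explaining why cockpit is enabled by default; after `Subject: [PATCH 1/6] RHEL only: Add cockpit by default to some zones` there is only `Fixes: #1581578`. The expected rulesets in helpers_custom.at and gh453.at pin `tcp dport 9090 ct state new,untracked accept` in `filter_IN_public_allow`, the iptables listings show it with source `0.0.0.0/0` and `::/0`, and service_include.at now expects `cockpit dhcpv6-client ssh` for the public zone, so a management port is accepted from any address in that zone out of the box. I would add a short body to the patch, for example `cockpit (tcp/9090) is enabled by default in the zones touched below; where the web console is not used, remove it with firewall-cmd --permanent --zone=public --remove-service=cockpit`. The zone XML hunks are collapsed on this page, so the set of affected zones is taken from the visible part of the diffstat (internal, public, work) and may be longer.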
235
SOURCES/0002-RHEL-only-default-to-AllowZoneDrifting-yes.patch
Normal file
@ -0,0 +1,235 @@
|
||||
From 42c3c63410d53f1f1eef8a756202231a7872aafa Mon Sep 17 00:00:00 2001
|
||||
From: Eric Garver <eric@garver.life>
|
||||
Date: Tue, 4 Feb 2020 09:12:17 -0500
|
||||
Subject: [PATCH 2/6] RHEL only: default to AllowZoneDrifting=yes
|
||||
|
||||
---
|
||||
config/firewalld.conf | 4 ++--
|
||||
doc/xml/firewalld.conf.xml | 2 +-
|
||||
doc/xml/firewalld.dbus.xml | 2 +-
|
||||
src/firewall/config/__init__.py.in | 2 +-
|
||||
src/tests/cli/firewall-cmd.at | 8 ++++++++
|
||||
src/tests/dbus/firewalld.conf.at | 4 ++--
|
||||
src/tests/features/rfc3964_ipv4.at | 4 ++++
|
||||
src/tests/functions.at | 1 +
|
||||
src/tests/regression/rhbz1514043.at | 4 ++++
|
||||
src/tests/regression/rhbz1715977.at | 9 +++++++++
|
||||
10 files changed, 33 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/config/firewalld.conf b/config/firewalld.conf
|
||||
index 532f0452212e..f791b2358ab8 100644
|
||||
--- a/config/firewalld.conf
|
||||
+++ b/config/firewalld.conf
|
||||
@@ -71,5 +71,5 @@ RFC3964_IPv4=yes
|
||||
# Note: If "yes" packets will only drift from source based zones to interface
|
||||
# based zones (including the default zone). Packets never drift from interface
|
||||
# based zones to other interfaces based zones (including the default zone).
|
||||
-# Possible values; "yes", "no". Defaults to "no".
|
||||
-AllowZoneDrifting=no
|
||||
+# Possible values; "yes", "no". Defaults to "yes".
|
||||
+AllowZoneDrifting=yes
|
||||
diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml
|
||||
index fcfbfd2b68c1..c21ef87813bc 100644
|
||||
--- a/doc/xml/firewalld.conf.xml
|
||||
+++ b/doc/xml/firewalld.conf.xml
|
||||
@@ -197,7 +197,7 @@
|
||||
to interface based zones (including the default zone). Packets
|
||||
never drift from interface based zones to other interfaces
|
||||
based zones (including the default zone).
|
||||
- Valid values; "yes", "no". Defaults to "no".
|
||||
+ Valid values; "yes", "no". Defaults to "yes".
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
diff --git a/doc/xml/firewalld.dbus.xml b/doc/xml/firewalld.dbus.xml
|
||||
index 5d77af976443..77ad77c01675 100644
|
||||
--- a/doc/xml/firewalld.dbus.xml
|
||||
+++ b/doc/xml/firewalld.dbus.xml
|
||||
@@ -2591,7 +2591,7 @@
|
||||
to interface based zones (including the default zone). Packets
|
||||
never drift from interface based zones to other interfaces
|
||||
based zones (including the default zone).
|
||||
- Valid values; "yes", "no". Defaults to "no".
|
||||
+ Valid values; "yes", "no". Defaults to "yes".
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry id="FirewallD1.config.Properties.AutomaticHelpers">
|
||||
diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in
|
||||
index 481eb8de758d..645c76b66c8d 100644
|
||||
--- a/src/firewall/config/__init__.py.in
|
||||
+++ b/src/firewall/config/__init__.py.in
|
||||
@@ -130,4 +130,4 @@ FALLBACK_AUTOMATIC_HELPERS = "no"
|
||||
FALLBACK_FIREWALL_BACKEND = "nftables"
|
||||
FALLBACK_FLUSH_ALL_ON_RELOAD = True
|
||||
FALLBACK_RFC3964_IPV4 = True
|
||||
-FALLBACK_ALLOW_ZONE_DRIFTING = False
|
||||
+FALLBACK_ALLOW_ZONE_DRIFTING = True
|
||||
diff --git a/src/tests/cli/firewall-cmd.at b/src/tests/cli/firewall-cmd.at
|
||||
index 74f480f8730f..c47c14ea1fc2 100644
|
||||
--- a/src/tests/cli/firewall-cmd.at
|
||||
+++ b/src/tests/cli/firewall-cmd.at
|
||||
@@ -696,6 +696,10 @@ FWD_START_TEST([ipset])
|
||||
CHECK_IPSET
|
||||
CHECK_IPSET_HASH_MAC
|
||||
|
||||
+ dnl Expected test results assume this is set to "no"
|
||||
+ AT_CHECK([sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf])
|
||||
+ FWD_RELOAD
|
||||
+
|
||||
FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip], 0, ignore)
|
||||
FWD_CHECK([--reload], 0, ignore)
|
||||
FWD_CHECK([--ipset=foobar --get-entries], 0, [
|
||||
@@ -1197,6 +1201,10 @@ FWD_START_TEST([rich rules priority])
|
||||
|
||||
CHECK_LOG_AUDIT
|
||||
|
||||
+ dnl Expected test results assume this is set to "no"
|
||||
+ AT_CHECK([sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf])
|
||||
+ FWD_RELOAD
|
||||
+
|
||||
dnl Verify generic layout of zone
|
||||
NFT_LIST_RULES([inet], [filter_IN_public], 0, [dnl
|
||||
table inet firewalld {
|
||||
diff --git a/src/tests/dbus/firewalld.conf.at b/src/tests/dbus/firewalld.conf.at
|
||||
index 35aead759a9c..4eefa3286f9f 100644
|
||||
--- a/src/tests/dbus/firewalld.conf.at
|
||||
+++ b/src/tests/dbus/firewalld.conf.at
|
||||
@@ -4,7 +4,7 @@ AT_KEYWORDS(dbus)
|
||||
dnl Verify defaults over dbus. Should be inline with default firewalld.conf.
|
||||
IF_HOST_SUPPORTS_NFT_FIB([
|
||||
DBUS_GETALL([config], [config], 0, [dnl
|
||||
-string "AllowZoneDrifting" : variant string "no"
|
||||
+string "AllowZoneDrifting" : variant string "yes"
|
||||
string "AutomaticHelpers" : variant string "no"
|
||||
string "CleanupOnExit" : variant string "no"
|
||||
string "DefaultZone" : variant string "public"
|
||||
@@ -18,7 +18,7 @@ string "MinimalMark" : variant int32 100
|
||||
string "RFC3964_IPv4" : variant string "yes"
|
||||
])], [
|
||||
DBUS_GETALL([config], [config], 0, [dnl
|
||||
-string "AllowZoneDrifting" : variant string "no"
|
||||
+string "AllowZoneDrifting" : variant string "yes"
|
||||
string "AutomaticHelpers" : variant string "no"
|
||||
string "CleanupOnExit" : variant string "no"
|
||||
string "DefaultZone" : variant string "public"
|
||||
diff --git a/src/tests/features/rfc3964_ipv4.at b/src/tests/features/rfc3964_ipv4.at
|
||||
index 54f5f756270b..15fef52612cc 100644
|
||||
--- a/src/tests/features/rfc3964_ipv4.at
|
||||
+++ b/src/tests/features/rfc3964_ipv4.at
|
||||
@@ -1,6 +1,10 @@
|
||||
FWD_START_TEST([RFC3964_IPv4])
|
||||
AT_KEYWORDS(rfc3964_ipv4)
|
||||
|
||||
+dnl Expected test results assume this is set to "no"
|
||||
+AT_CHECK([sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf])
|
||||
+FWD_RELOAD
|
||||
+
|
||||
AT_CHECK([sed -i 's/^LogDenied.*/LogDenied=all/' ./firewalld.conf])
|
||||
AT_CHECK([sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf])
|
||||
FWD_RELOAD
|
||||
diff --git a/src/tests/functions.at b/src/tests/functions.at
|
||||
index 5b3ed3ee4a5a..8f5ceba4d3f2 100644
|
||||
--- a/src/tests/functions.at
|
||||
+++ b/src/tests/functions.at
|
||||
@@ -230,6 +230,7 @@ m4_define([FWD_END_TEST], [
|
||||
IF_HOST_SUPPORTS_IP6TABLES([], [
|
||||
sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log
|
||||
])
|
||||
+ sed -i "/WARNING: AllowZoneDrifting is enabled./d" ./firewalld.log
|
||||
if test x"$1" != x"ignore"; then
|
||||
if test -n "$1"; then
|
||||
sed -i $1 ./firewalld.log
|
||||
diff --git a/src/tests/regression/rhbz1514043.at b/src/tests/regression/rhbz1514043.at
|
||||
index 241cf547f7f3..8e4846a078b8 100644
|
||||
--- a/src/tests/regression/rhbz1514043.at
|
||||
+++ b/src/tests/regression/rhbz1514043.at
|
||||
@@ -1,6 +1,10 @@
|
||||
FWD_START_TEST([--set-log-denied does not zero config])
|
||||
AT_KEYWORDS(log_denied rhbz1514043)
|
||||
|
||||
+dnl Expected test results assume this is set to "no"
|
||||
+AT_CHECK([sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf])
|
||||
+FWD_RELOAD
|
||||
+
|
||||
FWD_CHECK([-q --set-log-denied=all])
|
||||
FWD_CHECK([-q --permanent --zone=public --add-service=samba])
|
||||
FWD_RELOAD
|
||||
diff --git a/src/tests/regression/rhbz1715977.at b/src/tests/regression/rhbz1715977.at
|
||||
index d548de72b90c..b9886e1a0a2b 100644
|
||||
--- a/src/tests/regression/rhbz1715977.at
|
||||
+++ b/src/tests/regression/rhbz1715977.at
|
||||
@@ -14,6 +14,7 @@ NFT_LIST_RULES([inet], [filter_IN_internal_allow], 0, [dnl
|
||||
udp dport 137 ct state new,untracked accept
|
||||
udp dport 138 ct state new,untracked accept
|
||||
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
||||
+ tcp dport 9090 ct state new,untracked accept
|
||||
ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept
|
||||
}
|
||||
}
|
||||
@@ -23,6 +24,7 @@ IPTABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl
|
||||
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
])
|
||||
IP6TABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl
|
||||
@@ -31,6 +33,7 @@ IP6TABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl
|
||||
ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
])
|
||||
|
||||
FWD_CHECK([-q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.111.222/32" source address="10.10.10.0/24" service name="ssh" accept'])
|
||||
@@ -44,6 +47,7 @@ NFT_LIST_RULES([inet], [filter_IN_internal_allow], 0, [dnl
|
||||
udp dport 137 ct state new,untracked accept
|
||||
udp dport 138 ct state new,untracked accept
|
||||
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
||||
+ tcp dport 9090 ct state new,untracked accept
|
||||
ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept
|
||||
ip daddr 192.168.111.222 ip saddr 10.10.10.0/24 tcp dport 22 ct state new,untracked accept
|
||||
}
|
||||
@@ -54,6 +58,7 @@ IPTABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl
|
||||
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp -- 10.10.10.0/24 192.168.111.222 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
])
|
||||
@@ -63,6 +68,7 @@ IP6TABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl
|
||||
ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
])
|
||||
|
||||
FWD_CHECK([-q --zone=internal --add-rich-rule='rule family=ipv4 service name="ssdp" accept'])
|
||||
@@ -76,6 +82,7 @@ NFT_LIST_RULES([inet], [filter_IN_internal_allow], 0, [dnl
|
||||
udp dport 137 ct state new,untracked accept
|
||||
udp dport 138 ct state new,untracked accept
|
||||
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
||||
+ tcp dport 9090 ct state new,untracked accept
|
||||
ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept
|
||||
ip daddr 192.168.111.222 ip saddr 10.10.10.0/24 tcp dport 22 ct state new,untracked accept
|
||||
ip daddr 239.255.255.250 udp dport 1900 ct state new,untracked accept
|
||||
@@ -87,6 +94,7 @@ IPTABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl
|
||||
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
ACCEPT tcp -- 10.10.10.0/24 192.168.111.222 tcp dpt:22 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp -- 0.0.0.0/0 239.255.255.250 udp dpt:1900 ctstate NEW,UNTRACKED
|
||||
@@ -97,6 +105,7 @@ IP6TABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl
|
||||
ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED
|
||||
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
||||
+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
||||
])
|
||||
|
||||
FWD_CHECK([-q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept'], 122, [ignore], [ignore])
|
||||
--
|
||||
2.23.0
|
||||
|
@ -1,132 +0,0 @@
|
||||
From ff17d85fd863e7be2b4088c92360185aca6693b0 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Garver <eric@garver.life>
|
||||
Date: Thu, 7 Nov 2019 08:21:52 -0500
|
||||
Subject: [PATCH] fix: CLI: service: also output helpers for service info
|
||||
|
||||
Fixes: 0c07b704f76d ("feat: CLI: add "helper" support for services")
|
||||
Fixes: rhbz 1769520
|
||||
(cherry picked from commit 6bfffe65f55b727afc37a8c1fb4068f6589bb890)
|
||||
---
|
||||
src/firewall/command.py | 2 ++
|
||||
src/tests/features/helpers_custom.at | 42 ++++++++++++++++++++++++++-
|
||||
src/tests/features/service_include.at | 3 ++
|
||||
3 files changed, 46 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/firewall/command.py b/src/firewall/command.py
|
||||
index 85e58d731a80..c371dc23584c 100644
|
||||
--- a/src/firewall/command.py
|
||||
+++ b/src/firewall/command.py
|
||||
@@ -449,6 +449,7 @@ class FirewallCommand(object):
|
||||
destinations = settings.getDestinations()
|
||||
short_description = settings.getShort()
|
||||
includes = settings.getIncludes()
|
||||
+ helpers = settings.getHelpers()
|
||||
self.print_msg(service)
|
||||
if self.verbose:
|
||||
self.print_msg(" summary: " + short_description)
|
||||
@@ -464,6 +465,7 @@ class FirewallCommand(object):
|
||||
" ".join(["%s:%s" % (k, v)
|
||||
for k, v in destinations.items()]))
|
||||
self.print_msg(" includes: " + " ".join(sorted(includes)))
|
||||
+ self.print_msg(" helpers: " + " ".join(sorted(helpers)))
|
||||
|
||||
def print_icmptype_info(self, icmptype, settings):
|
||||
destinations = settings.getDestinations()
|
||||
diff --git a/src/tests/features/helpers_custom.at b/src/tests/features/helpers_custom.at
|
||||
index c65f067a06ec..4c9024d1e2b8 100644
|
||||
--- a/src/tests/features/helpers_custom.at
|
||||
+++ b/src/tests/features/helpers_custom.at
|
||||
@@ -1,5 +1,5 @@
|
||||
FWD_START_TEST([customer helpers])
|
||||
-AT_KEYWORDS(helpers rhbz1733066 gh514)
|
||||
+AT_KEYWORDS(helpers rhbz1733066 gh514 rhbz1769520)
|
||||
|
||||
FWD_CHECK([-q --permanent --new-helper="ftptest" --module="nf_conntrack_ftp"])
|
||||
FWD_CHECK([-q --permanent --helper=ftptest --add-port="2121/tcp"])
|
||||
@@ -8,7 +8,27 @@ FWD_CHECK([-q --permanent --new-service="ftptest"])
|
||||
FWD_CHECK([-q --permanent --service=ftptest --add-module="ftptest"])
|
||||
FWD_CHECK([-q --permanent --service=ftptest --query-module="ftptest"])
|
||||
FWD_CHECK([-q --permanent --service=ftptest --add-port="2121/tcp"])
|
||||
+FWD_CHECK([--permanent --info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl
|
||||
+ftptest
|
||||
+ ports: 2121/tcp
|
||||
+ protocols:
|
||||
+ source-ports:
|
||||
+ modules: ftptest
|
||||
+ destination:
|
||||
+ includes:
|
||||
+ helpers:
|
||||
+])])
|
||||
FWD_RELOAD
|
||||
+FWD_CHECK([--info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl
|
||||
+ftptest
|
||||
+ ports: 2121/tcp
|
||||
+ protocols:
|
||||
+ source-ports:
|
||||
+ modules: ftptest
|
||||
+ destination:
|
||||
+ includes:
|
||||
+ helpers:
|
||||
+])])
|
||||
|
||||
FWD_CHECK([-q --add-service=ftptest])
|
||||
|
||||
@@ -42,7 +62,27 @@ dnl Same thing as above, but with the new "helper" in service.
|
||||
FWD_CHECK([-q --permanent --service=ftptest --remove-module="ftptest"])
|
||||
FWD_CHECK([-q --permanent --service=ftptest --query-module="ftptest"], 1)
|
||||
FWD_CHECK([-q --permanent --service=ftptest --add-helper="ftptest"])
|
||||
+FWD_CHECK([--permanent --info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl
|
||||
+ftptest
|
||||
+ ports: 2121/tcp
|
||||
+ protocols:
|
||||
+ source-ports:
|
||||
+ modules:
|
||||
+ destination:
|
||||
+ includes:
|
||||
+ helpers: ftptest
|
||||
+])])
|
||||
FWD_RELOAD
|
||||
+FWD_CHECK([--info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl
|
||||
+ftptest
|
||||
+ ports: 2121/tcp
|
||||
+ protocols:
|
||||
+ source-ports:
|
||||
+ modules:
|
||||
+ destination:
|
||||
+ includes:
|
||||
+ helpers: ftptest
|
||||
+])])
|
||||
|
||||
FWD_CHECK([-q --add-service=ftptest])
|
||||
|
||||
diff --git a/src/tests/features/service_include.at b/src/tests/features/service_include.at
|
||||
index 219d5b42767b..7f02701a9419 100644
|
||||
--- a/src/tests/features/service_include.at
|
||||
+++ b/src/tests/features/service_include.at
|
||||
@@ -76,6 +76,7 @@ my-service-with-include
|
||||
modules:
|
||||
destination:
|
||||
includes: mdns recursive-service ssdp
|
||||
+ helpers:
|
||||
])])
|
||||
FWD_CHECK([--info-service=my-service-with-include | TRIM_WHITESPACE], 0, [m4_strip([dnl
|
||||
my-service-with-include
|
||||
@@ -85,6 +86,7 @@ my-service-with-include
|
||||
modules:
|
||||
destination:
|
||||
includes: mdns recursive-service ssdp
|
||||
+ helpers:
|
||||
])])
|
||||
|
||||
dnl firewall-offline-cmd
|
||||
@@ -106,6 +108,7 @@ my-service-with-include
|
||||
modules:
|
||||
destination:
|
||||
includes: mdns recursive-service ssdp
|
||||
+ helpers:
|
||||
])])
|
||||
|
||||
dnl negative test for including service that doesn't exist
|
||||
--
|
||||
2.23.0
|
||||
|
@ -0,0 +1,29 @@
|
||||
From b2e4f83c8fb011ffe0a8b040fa937f60c842cc25 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Garver <eric@garver.life>
|
||||
Date: Thu, 2 Apr 2020 14:42:22 -0400
|
||||
Subject: [PATCH 3/6] fix: nftables: ipset: port ranges for non-default
|
||||
protocols
|
||||
|
||||
Fixes: 2d1b0fe9fe74 ("fix: nftables: allow set intervals with concatenations")
|
||||
(cherry picked from commit e80f4fccfc771128affdc578ed37842d5d469ca9)
|
||||
(cherry picked from commit 6a2fd018666ab8c4877291f8f807a9943db74de3)
|
||||
---
|
||||
src/firewall/core/nftables.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
|
||||
index a9d5a45337bd..69ee63b32f8b 100644
|
||||
--- a/src/firewall/core/nftables.py
|
||||
+++ b/src/firewall/core/nftables.py
|
||||
@@ -1680,7 +1680,7 @@ class nftables(object):
|
||||
port_str = entry_tokens[i][index+1:]
|
||||
|
||||
try:
|
||||
- index = entry_tokens[i].index("-")
|
||||
+ index = port_str.index("-")
|
||||
except ValueError:
|
||||
fragment.append(port_str)
|
||||
else:
|
||||
--
|
||||
2.23.0
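Review bot: In the nftables.py hunk the name `index` is reused for two different offsets. It is first used to slice `entry_tokens[i][index+1:]` (presumably the position of the protocol separator) and is then overwritten with the position of `-` inside `port_str`; that reuse is what let the old line search the wrong string. A distinct name such as `dash = port_str.index("-")` would keep the two offsets from being confused again. The `else:` branch that consumes the value and the rest of the method lie outside the hunk, so the rename would have to be carried into those lines as well.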
|
||||
|
@ -0,0 +1,44 @@
|
||||
From c694ab9a3d00f0471bfdf73a1b00d43f60395717 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Garver <eric@garver.life>
|
||||
Date: Thu, 2 Apr 2020 14:38:45 -0400
|
||||
Subject: [PATCH 4/6] test: ipset: verify port ranges for non-default protocol
|
||||
|
||||
(cherry picked from commit c0ad3a0b3340a27c34b33128f756f64acc3a771b)
|
||||
(cherry picked from commit a2b8a09b929901e14620aa802fd423f958c56188)
|
||||
---
|
||||
src/tests/cli/firewall-cmd.at | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/tests/cli/firewall-cmd.at b/src/tests/cli/firewall-cmd.at
|
||||
index c47c14ea1fc2..ad7b1b32f42c 100644
|
||||
--- a/src/tests/cli/firewall-cmd.at
|
||||
+++ b/src/tests/cli/firewall-cmd.at
|
||||
@@ -743,6 +743,7 @@ FWD_START_TEST([ipset])
|
||||
dnl multi dimensional set with non default protocol
|
||||
FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip,port], 0, ignore)
|
||||
FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234], 0, ignore)
|
||||
+ FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,udp:1000-1002], 0, ignore)
|
||||
FWD_RELOAD
|
||||
FWD_CHECK([--ipset=foobar --add-entry=20.20.20.20,8080], 0, ignore)
|
||||
FWD_CHECK([--zone internal --add-source=ipset:foobar], 0, ignore)
|
||||
@@ -752,6 +753,7 @@ FWD_START_TEST([ipset])
|
||||
type ipv4_addr . inet_proto . inet_service
|
||||
flags interval
|
||||
elements = { 10.10.10.10 . sctp . 1234,
|
||||
+ 10.10.10.10 . udp . 1000-1002,
|
||||
20.20.20.20 . tcp . 8080 }
|
||||
}
|
||||
}
|
||||
@@ -769,6 +771,9 @@ FWD_START_TEST([ipset])
|
||||
Type: hash:ip,port
|
||||
Members:
|
||||
10.10.10.10,sctp:1234
|
||||
+ 10.10.10.10,udp:1000
|
||||
+ 10.10.10.10,udp:1001
|
||||
+ 10.10.10.10,udp:1002
|
||||
20.20.20.20,tcp:8080
|
||||
])
|
||||
FWD_CHECK([--ipset=foobar --add-entry=1.2.3.4,sctp:8080], 0, ignore)
|
||||
--
|
||||
2.23.0
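Review bot: The new range entry in firewall-cmd.at is only added with `--permanent` before `FWD_RELOAD`, so the test exercises the `proto:first-last` form only on the reload path. The runtime additions visible in these hunks (`20.20.20.20,8080` and `1.2.3.4,sctp:8080`) use single ports. If runtime `--add-entry` reaches the fixed nftables code by a different route, which cannot be confirmed from here, a runtime entry with a non-default protocol and a port range would close that gap. The expected `nft` and `ipset` listings would need matching updates. The `ipset` test body starts and ends outside the hunks.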
|
||||
|
@ -0,0 +1,51 @@
|
||||
From 85782b1fb964e3b67a0276881bdba4ca9881dec3 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Garver <eric@garver.life>
|
||||
Date: Thu, 2 Apr 2020 15:21:58 -0400
|
||||
Subject: [PATCH 5/6] test: log: verify logging still works after truncate
|
||||
|
||||
The log policy we ship presumes firewalld opens log files in append
|
||||
mode. This is because the logrotate policy uses "copytruncate". Lets
|
||||
verify that it actually works as expected.
|
||||
|
||||
(cherry picked from commit e887c16512abd6a3051b0519ee9af344c9f08827)
|
||||
(cherry picked from commit 2ab7f9e793a51c9aebe08fff6226c38159ae2312)
|
||||
---
|
||||
src/tests/regression/gh599.at | 16 ++++++++++++++++
|
||||
src/tests/regression/regression.at | 1 +
|
||||
2 files changed, 17 insertions(+)
|
||||
create mode 100644 src/tests/regression/gh599.at
|
||||
|
||||
diff --git a/src/tests/regression/gh599.at b/src/tests/regression/gh599.at
|
||||
new file mode 100644
|
||||
index 000000000000..472f228ba2a9
|
||||
--- /dev/null
|
||||
+++ b/src/tests/regression/gh599.at
|
||||
@@ -0,0 +1,16 @@
|
||||
+FWD_START_TEST([writing to log after copytruncate])
|
||||
+AT_KEYWORDS(gh599)
|
||||
+
|
||||
+AT_SKIP_IF([! NS_CMD([which truncate >/dev/null 2>&1])])
|
||||
+AT_SKIP_IF([! NS_CMD([which wc >/dev/null 2>&1])])
|
||||
+
|
||||
+dnl Verify we continue to write to the log file after it's truncated. That is,
|
||||
+dnl simulate logrotate's copytruncate.
|
||||
+NS_CHECK([truncate -s 0 ./firewalld.log])
|
||||
+
|
||||
+dnl generate some logs, anything will do since we have debug enabled.
|
||||
+FWD_CHECK([--list-all], 0, [ignore], [ignore])
|
||||
+
|
||||
+NS_CHECK([sh -c 'let "$(cat ./firewalld.log | wc -c) > 0"'])
|
||||
+
|
||||
+FWD_END_TEST
|
||||
diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at
|
||||
index 8042c3a27f89..2528ddd3fede 100644
|
||||
--- a/src/tests/regression/regression.at
|
||||
+++ b/src/tests/regression/regression.at
|
||||
@@ -27,3 +27,4 @@ m4_include([regression/gh509.at])
|
||||
m4_include([regression/gh567.at])
|
||||
m4_include([regression/rhbz1779835.at])
|
||||
m4_include([regression/gh330.at])
|
||||
+m4_include([regression/gh599.at])
|
||||
--
|
||||
2.23.0
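Review bot: The size check in gh599.at, `sh -c 'let "$(cat ./firewalld.log | wc -c) > 0"'`, depends on `let`, which is a bash/ksh builtin and not part of POSIX sh. On a system where `sh` is not bash the command fails for a reason unrelated to logging, and the two `AT_SKIP_IF` guards do not cover that case. `NS_CHECK([test -s ./firewalld.log])` checks the same condition portably and makes the `wc` guard unnecessary. The same line is carried over unchanged by the later gh599.at change (PATCH 6/6).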
|
||||
|
@ -0,0 +1,32 @@
|
||||
From 01dd132e2004e6d40c6c2200f6105ca49594041a Mon Sep 17 00:00:00 2001
|
||||
From: Eric Garver <eric@garver.life>
|
||||
Date: Mon, 6 Apr 2020 15:34:57 -0400
|
||||
Subject: [PATCH 6/6] fix: test/regression/gh599: fix if not using debug output
|
||||
|
||||
Fixes: e887c16512ab ("test: log: verify logging still works after truncate")
|
||||
(cherry picked from commit f7e3c60263e144a04ee175d5f7bb3fa4636a97a4)
|
||||
(cherry picked from commit e78548b1fd6e87500d7df3ade5373285ca525f03)
|
||||
---
|
||||
src/tests/regression/gh599.at | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/tests/regression/gh599.at b/src/tests/regression/gh599.at
|
||||
index 472f228ba2a9..337e18018baf 100644
|
||||
--- a/src/tests/regression/gh599.at
|
||||
+++ b/src/tests/regression/gh599.at
|
||||
@@ -8,9 +8,9 @@ dnl Verify we continue to write to the log file after it's truncated. That is,
|
||||
dnl simulate logrotate's copytruncate.
|
||||
NS_CHECK([truncate -s 0 ./firewalld.log])
|
||||
|
||||
-dnl generate some logs, anything will do since we have debug enabled.
|
||||
-FWD_CHECK([--list-all], 0, [ignore], [ignore])
|
||||
+dnl generate some logs
|
||||
+FWD_CHECK([-q --add-service=this_does_not_exist], 101, [ignore], [ignore])
|
||||
|
||||
NS_CHECK([sh -c 'let "$(cat ./firewalld.log | wc -c) > 0"'])
|
||||
|
||||
-FWD_END_TEST
|
||||
+FWD_END_TEST([-e '/ERROR: INVALID_SERVICE: this_does_not_exist/d'])
|
||||
--
|
||||
2.23.0
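Review bot: The expected status `101` in the new `FWD_CHECK` is a bare number, and the shortened comment `dnl generate some logs` no longer explains why this command was chosen. Judging by the `FWD_END_TEST` filter, the status presumably corresponds to `INVALID_SERVICE`. A comment such as `dnl an unknown service is rejected (exit 101) and logged as an ERROR even without debug output` would tie together the status, the log line and the sed filter.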
|
||||
|
@ -0,0 +1,496 @@
|
||||
From 5a912cc04a75e018631745647a524cce8569505b Mon Sep 17 00:00:00 2001
|
||||
From: Eric Garver <eric@garver.life>
|
||||
Date: Wed, 8 Apr 2020 13:38:06 -0400
|
||||
Subject: [PATCH 07/10] test: dbus: zone: verify permanent config API
|
||||
signatures
|
||||
|
||||
(cherry picked from commit f6a6837cb49d5a9ca4ea08964fb62bb9f7f420ac)
|
||||
(cherry picked from commit 7cc77369cd68ff1860b151fc649d237f1feb84ba)
|
||||
---
|
||||
src/tests/dbus/dbus.at | 1 +
|
||||
src/tests/dbus/zone_permanent_signatures.at | 464 ++++++++++++++++++++
|
||||
2 files changed, 465 insertions(+)
|
||||
create mode 100644 src/tests/dbus/zone_permanent_signatures.at
|
||||
|
||||
diff --git a/src/tests/dbus/dbus.at b/src/tests/dbus/dbus.at
|
||||
index 46fec2ff4024..ffef478f5449 100644
|
||||
--- a/src/tests/dbus/dbus.at
|
||||
+++ b/src/tests/dbus/dbus.at
|
||||
@@ -1,3 +1,4 @@
|
||||
AT_BANNER([dbus])
|
||||
m4_include([dbus/firewalld.conf.at])
|
||||
m4_include([dbus/service.at])
|
||||
+m4_include([dbus/zone_permanent_signatures.at])
|
||||
diff --git a/src/tests/dbus/zone_permanent_signatures.at b/src/tests/dbus/zone_permanent_signatures.at
|
||||
new file mode 100644
|
||||
index 000000000000..15319552c15f
|
||||
--- /dev/null
|
||||
+++ b/src/tests/dbus/zone_permanent_signatures.at
|
||||
@@ -0,0 +1,464 @@
|
||||
+FWD_START_TEST([dbus api - zone permanent signatures])
|
||||
+AT_KEYWORDS(dbus zone gh586)
|
||||
+
|
||||
+dnl ####################
|
||||
+dnl Global APIs
|
||||
+dnl ####################
|
||||
+
|
||||
+DBUS_INTROSPECT([config], [[//method[@name="listZones"]]], 0, [dnl
|
||||
+ <method name="listZones">
|
||||
+ <arg direction="out" type="ao"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config], [[//method[@name="getZoneNames"]]], 0, [dnl
|
||||
+ <method name="getZoneNames">
|
||||
+ <arg direction="out" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config], [[//method[@name="getZoneByName"]]], 0, [dnl
|
||||
+ <method name="getZoneByName">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="out" type="o"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config], [[//method[@name="addZone"]]], 0, [dnl
|
||||
+ <method name="addZone">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="settings" type="(sssbsasa(ss)asba(ssss)asasasasa(ss)b)"></arg>
|
||||
+ <arg direction="out" type="o"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl zone relation to interface/sources
|
||||
+DBUS_INTROSPECT([config], [[//method[@name="getZoneOfInterface"]]], 0, [dnl
|
||||
+ <method name="getZoneOfInterface">
|
||||
+ <arg direction="in" name="iface" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config], [[//method[@name="getZoneOfSource"]]], 0, [dnl
|
||||
+ <method name="getZoneOfSource">
|
||||
+ <arg direction="in" name="source" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+
|
||||
+dnl ####################
|
||||
+dnl Zone object APIs
|
||||
+dnl ####################
|
||||
+
|
||||
+dnl Get a reference to the public zone. We'll use it to introspect APIs.
|
||||
+DBUS_CHECK([config], [config.getZoneByName], ["public"], 0, [stdout])
|
||||
+DBUS_PUBLIC_ZONE_OBJ=[$(sed -e "s/.*config\/zone\/\([^']\+\)['].*/\1/" ./stdout)]
|
||||
+export DBUS_PUBLIC_ZONE_OBJ
|
||||
+
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getSettings"]]], 0, [dnl
|
||||
+ <method name="getSettings">
|
||||
+ <arg direction="out" type="(sssbsasa(ss)asba(ssss)asasasasa(ss)b)"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="update"]]], 0, [dnl
|
||||
+ <method name="update">
|
||||
+ <arg direction="in" name="settings" type="(sssbsasa(ss)asba(ssss)asasasasa(ss)b)"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="loadDefaults"]]], 0, [dnl
|
||||
+ <method name="loadDefaults">
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="remove"]]], 0, [dnl
|
||||
+ <method name="remove">
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="rename"]]], 0, [dnl
|
||||
+ <method name="rename">
|
||||
+ <arg direction="in" name="name" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Version
|
||||
+dnl
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getVersion"]]], 0, [dnl
|
||||
+ <method name="getVersion">
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setVersion"]]], 0, [dnl
|
||||
+ <method name="setVersion">
|
||||
+ <arg direction="in" name="version" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Short
|
||||
+dnl
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getShort"]]], 0, [dnl
|
||||
+ <method name="getShort">
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setShort"]]], 0, [dnl
|
||||
+ <method name="setShort">
|
||||
+ <arg direction="in" name="short" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Description
|
||||
+dnl
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getDescription"]]], 0, [dnl
|
||||
+ <method name="getDescription">
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setDescription"]]], 0, [dnl
|
||||
+ <method name="setDescription">
|
||||
+ <arg direction="in" name="description" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Target
|
||||
+dnl
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getTarget"]]], 0, [dnl
|
||||
+ <method name="getTarget">
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setTarget"]]], 0, [dnl
|
||||
+ <method name="setTarget">
|
||||
+ <arg direction="in" name="target" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Interfaces
|
||||
+dnl
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getInterfaces"]]], 0, [dnl
|
||||
+ <method name="getInterfaces">
|
||||
+ <arg direction="out" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setInterfaces"]]], 0, [dnl
|
||||
+ <method name="setInterfaces">
|
||||
+ <arg direction="in" name="interfaces" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addInterface"]]], 0, [dnl
|
||||
+ <method name="addInterface">
|
||||
+ <arg direction="in" name="interface" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeInterface"]]], 0, [dnl
|
||||
+ <method name="removeInterface">
|
||||
+ <arg direction="in" name="interface" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryInterface"]]], 0, [dnl
|
||||
+ <method name="queryInterface">
|
||||
+ <arg direction="in" name="interface" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Sources
|
||||
+dnl
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getSources"]]], 0, [dnl
|
||||
+ <method name="getSources">
|
||||
+ <arg direction="out" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setSources"]]], 0, [dnl
|
||||
+ <method name="setSources">
|
||||
+ <arg direction="in" name="sources" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addSource"]]], 0, [dnl
|
||||
+ <method name="addSource">
|
||||
+ <arg direction="in" name="source" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeSource"]]], 0, [dnl
|
||||
+ <method name="removeSource">
|
||||
+ <arg direction="in" name="source" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="querySource"]]], 0, [dnl
|
||||
+ <method name="querySource">
|
||||
+ <arg direction="in" name="source" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Services
|
||||
+dnl
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getServices"]]], 0, [dnl
|
||||
+ <method name="getServices">
|
||||
+ <arg direction="out" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setServices"]]], 0, [dnl
|
||||
+ <method name="setServices">
|
||||
+ <arg direction="in" name="services" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addService"]]], 0, [dnl
|
||||
+ <method name="addService">
|
||||
+ <arg direction="in" name="service" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeService"]]], 0, [dnl
|
||||
+ <method name="removeService">
|
||||
+ <arg direction="in" name="service" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryService"]]], 0, [dnl
|
||||
+ <method name="queryService">
|
||||
+ <arg direction="in" name="service" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Ports
|
||||
+dnl
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getPorts"]]], 0, [dnl
|
||||
+ <method name="getPorts">
|
||||
+ <arg direction="out" type="a(ss)"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setPorts"]]], 0, [dnl
|
||||
+ <method name="setPorts">
|
||||
+ <arg direction="in" name="ports" type="a(ss)"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addPort"]]], 0, [dnl
|
||||
+ <method name="addPort">
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removePort"]]], 0, [dnl
|
||||
+ <method name="removePort">
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryPort"]]], 0, [dnl
|
||||
+ <method name="queryPort">
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Source Ports
|
||||
+dnl
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getSourcePorts"]]], 0, [dnl
|
||||
+ <method name="getSourcePorts">
|
||||
+ <arg direction="out" type="a(ss)"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setSourcePorts"]]], 0, [dnl
|
||||
+ <method name="setSourcePorts">
|
||||
+ <arg direction="in" name="ports" type="a(ss)"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addSourcePort"]]], 0, [dnl
|
||||
+ <method name="addSourcePort">
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeSourcePort"]]], 0, [dnl
|
||||
+ <method name="removeSourcePort">
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="querySourcePort"]]], 0, [dnl
|
||||
+ <method name="querySourcePort">
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Protocol
|
||||
+dnl
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getProtocols"]]], 0, [dnl
|
||||
+ <method name="getProtocols">
|
||||
+ <arg direction="out" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setProtocols"]]], 0, [dnl
|
||||
+ <method name="setProtocols">
|
||||
+ <arg direction="in" name="protocols" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addProtocol"]]], 0, [dnl
|
||||
+ <method name="addProtocol">
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeProtocol"]]], 0, [dnl
|
||||
+ <method name="removeProtocol">
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryProtocol"]]], 0, [dnl
|
||||
+ <method name="queryProtocol">
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Forward Ports
|
||||
+dnl
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getForwardPorts"]]], 0, [dnl
|
||||
+ <method name="getForwardPorts">
|
||||
+ <arg direction="out" type="a(ssss)"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setForwardPorts"]]], 0, [dnl
|
||||
+ <method name="setForwardPorts">
|
||||
+ <arg direction="in" name="ports" type="a(ssss)"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addForwardPort"]]], 0, [dnl
|
||||
+ <method name="addForwardPort">
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="in" name="toport" type="s"></arg>
|
||||
+ <arg direction="in" name="toaddr" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeForwardPort"]]], 0, [dnl
|
||||
+ <method name="removeForwardPort">
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="in" name="toport" type="s"></arg>
|
||||
+ <arg direction="in" name="toaddr" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryForwardPort"]]], 0, [dnl
|
||||
+ <method name="queryForwardPort">
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="in" name="toport" type="s"></arg>
|
||||
+ <arg direction="in" name="toaddr" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Masquerade
|
||||
+dnl
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getMasquerade"]]], 0, [dnl
|
||||
+ <method name="getMasquerade">
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setMasquerade"]]], 0, [dnl
|
||||
+ <method name="setMasquerade">
|
||||
+ <arg direction="in" name="masquerade" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addMasquerade"]]], 0, [dnl
|
||||
+ <method name="addMasquerade">
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeMasquerade"]]], 0, [dnl
|
||||
+ <method name="removeMasquerade">
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryMasquerade"]]], 0, [dnl
|
||||
+ <method name="queryMasquerade">
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl ICMP Block
|
||||
+dnl
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getIcmpBlocks"]]], 0, [dnl
|
||||
+ <method name="getIcmpBlocks">
|
||||
+ <arg direction="out" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setIcmpBlocks"]]], 0, [dnl
|
||||
+ <method name="setIcmpBlocks">
|
||||
+ <arg direction="in" name="icmptypes" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addIcmpBlock"]]], 0, [dnl
|
||||
+ <method name="addIcmpBlock">
|
||||
+ <arg direction="in" name="icmptype" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeIcmpBlock"]]], 0, [dnl
|
||||
+ <method name="removeIcmpBlock">
|
||||
+ <arg direction="in" name="icmptype" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryIcmpBlock"]]], 0, [dnl
|
||||
+ <method name="queryIcmpBlock">
|
||||
+ <arg direction="in" name="icmptype" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl ICMP Block Inversion
|
||||
+dnl
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getIcmpBlockInversion"]]], 0, [dnl
|
||||
+ <method name="getIcmpBlockInversion">
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setIcmpBlockInversion"]]], 0, [dnl
|
||||
+ <method name="setIcmpBlockInversion">
|
||||
+ <arg direction="in" name="flag" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addIcmpBlockInversion"]]], 0, [dnl
|
||||
+ <method name="addIcmpBlockInversion">
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeIcmpBlockInversion"]]], 0, [dnl
|
||||
+ <method name="removeIcmpBlockInversion">
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryIcmpBlockInversion"]]], 0, [dnl
|
||||
+ <method name="queryIcmpBlockInversion">
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Rich Rules
|
||||
+dnl
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="getRichRules"]]], 0, [dnl
|
||||
+ <method name="getRichRules">
|
||||
+ <arg direction="out" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="setRichRules"]]], 0, [dnl
|
||||
+ <method name="setRichRules">
|
||||
+ <arg direction="in" name="rules" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="addRichRule"]]], 0, [dnl
|
||||
+ <method name="addRichRule">
|
||||
+ <arg direction="in" name="rule" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="removeRichRule"]]], 0, [dnl
|
||||
+ <method name="removeRichRule">
|
||||
+ <arg direction="in" name="rule" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//method[@name="queryRichRule"]]], 0, [dnl
|
||||
+ <method name="queryRichRule">
|
||||
+ <arg direction="in" name="rule" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+FWD_END_TEST
|
||||
--
|
||||
2.25.2
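Review bot: In zone_permanent_signatures.at the object id is taken from `./stdout` with a `sed` substitution that has no `-n`/`p`, so when the pattern does not match the whole reply line is passed through and lands in `DBUS_PUBLIC_ZONE_OBJ`. Every later `DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], …)` would then fail with a misleading path error rather than at the point of extraction. Printing only on a match, `sed -n -e "s/.*config\/zone\/\([^']\+\)['].*/\1/p" ./stdout`, and following it with `AT_FAIL_IF([test -z "${DBUS_PUBLIC_ZONE_OBJ}"])` would make the failure explicit. The pattern also uses `\+`, a GNU sed extension, which is worth a comment if the suite is expected to run elsewhere.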
|
||||
|
@ -0,0 +1,446 @@
|
||||
From 3122491686014a2cdd83d3506334055fd18c80e0 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Garver <eric@garver.life>
|
||||
Date: Wed, 8 Apr 2020 14:16:48 -0400
|
||||
Subject: [PATCH 08/10] test: dbus: zone: verify runtime config API signatures
|
||||
|
||||
(cherry picked from commit fca39ea7edbd57283bc15fdd88fbfd4b1943f977)
|
||||
(cherry picked from commit d17a68d680b631954fdb5031a3c0627a68f77049)
|
||||
---
|
||||
src/tests/dbus/dbus.at | 1 +
|
||||
src/tests/dbus/zone_runtime_signatures.at | 415 ++++++++++++++++++++++
|
||||
2 files changed, 416 insertions(+)
|
||||
create mode 100644 src/tests/dbus/zone_runtime_signatures.at
|
||||
|
||||
diff --git a/src/tests/dbus/dbus.at b/src/tests/dbus/dbus.at
|
||||
index ffef478f5449..377244460e7a 100644
|
||||
--- a/src/tests/dbus/dbus.at
|
||||
+++ b/src/tests/dbus/dbus.at
|
||||
@@ -2,3 +2,4 @@ AT_BANNER([dbus])
|
||||
m4_include([dbus/firewalld.conf.at])
|
||||
m4_include([dbus/service.at])
|
||||
m4_include([dbus/zone_permanent_signatures.at])
|
||||
+m4_include([dbus/zone_runtime_signatures.at])
|
||||
diff --git a/src/tests/dbus/zone_runtime_signatures.at b/src/tests/dbus/zone_runtime_signatures.at
|
||||
new file mode 100644
|
||||
index 000000000000..53fdbea03180
|
||||
--- /dev/null
|
||||
+++ b/src/tests/dbus/zone_runtime_signatures.at
|
||||
@@ -0,0 +1,415 @@
|
||||
+FWD_START_TEST([dbus api - zone runtime signatures])
|
||||
+AT_KEYWORDS(dbus zone gh586)
|
||||
+
|
||||
+dnl ####################
|
||||
+dnl Global APIs
|
||||
+dnl ####################
|
||||
+
|
||||
+DBUS_INTROSPECT([], [[//method[@name="getZoneSettings"]]], 0, [dnl
|
||||
+ <method name="getZoneSettings">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="out" type="(sssbsasa(ss)asba(ssss)asasasasa(ss)b)"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Default Zone
|
||||
+DBUS_INTROSPECT([], [[//method[@name="getDefaultZone"]]], 0, [dnl
|
||||
+ <method name="getDefaultZone">
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="setDefaultZone"]]], 0, [dnl
|
||||
+ <method name="setDefaultZone">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Fetching Zones
|
||||
+DBUS_INTROSPECT([], [[//method[@name="getZones"]]], 0, [dnl
|
||||
+ <method name="getZones">
|
||||
+ <arg direction="out" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="getActiveZones"]]], 0, [dnl
|
||||
+ <method name="getActiveZones">
|
||||
+ <arg direction="out" type="a{sa{sas}}"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Interface/Source
|
||||
+DBUS_INTROSPECT([], [[//method[@name="getZoneOfInterface"]]], 0, [dnl
|
||||
+ <method name="getZoneOfInterface">
|
||||
+ <arg direction="in" name="interface" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="getZoneOfSource"]]], 0, [dnl
|
||||
+ <method name="getZoneOfSource">
|
||||
+ <arg direction="in" name="source" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl ####################
|
||||
+dnl Zone APIs
|
||||
+dnl ####################
|
||||
+
|
||||
+DBUS_INTROSPECT([], [[//method[@name="isImmutable"]]], 0, [dnl
|
||||
+ <method name="isImmutable">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Interfaces
|
||||
+DBUS_INTROSPECT([], [[//method[@name="addInterface"]]], 0, [dnl
|
||||
+ <method name="addInterface">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="interface" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="changeZone"]]], 0, [dnl
|
||||
+ <method name="changeZone">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="interface" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="changeZoneOfInterface"]]], 0, [dnl
|
||||
+ <method name="changeZoneOfInterface">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="interface" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="removeInterface"]]], 0, [dnl
|
||||
+ <method name="removeInterface">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="interface" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="queryInterface"]]], 0, [dnl
|
||||
+ <method name="queryInterface">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="interface" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="getInterfaces"]]], 0, [dnl
|
||||
+ <method name="getInterfaces">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="out" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Sources
|
||||
+DBUS_INTROSPECT([], [[//method[@name="addSource"]]], 0, [dnl
|
||||
+ <method name="addSource">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="source" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="changeZoneOfSource"]]], 0, [dnl
|
||||
+ <method name="changeZoneOfSource">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="source" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="removeSource"]]], 0, [dnl
|
||||
+ <method name="removeSource">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="source" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="querySource"]]], 0, [dnl
|
||||
+ <method name="querySource">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="source" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="getSources"]]], 0, [dnl
|
||||
+ <method name="getSources">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="out" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Services
|
||||
+DBUS_INTROSPECT([], [[//method[@name="addService"]]], 0, [dnl
|
||||
+ <method name="addService">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="service" type="s"></arg>
|
||||
+ <arg direction="in" name="timeout" type="i"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="removeService"]]], 0, [dnl
|
||||
+ <method name="removeService">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="service" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="queryService"]]], 0, [dnl
|
||||
+ <method name="queryService">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="service" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="getServices"]]], 0, [dnl
|
||||
+ <method name="getServices">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="out" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Protocols
|
||||
+DBUS_INTROSPECT([], [[//method[@name="addProtocol"]]], 0, [dnl
|
||||
+ <method name="addProtocol">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="in" name="timeout" type="i"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="removeProtocol"]]], 0, [dnl
|
||||
+ <method name="removeProtocol">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="queryProtocol"]]], 0, [dnl
|
||||
+ <method name="queryProtocol">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="getProtocols"]]], 0, [dnl
|
||||
+ <method name="getProtocols">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="out" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Ports
|
||||
+DBUS_INTROSPECT([], [[//method[@name="addPort"]]], 0, [dnl
|
||||
+ <method name="addPort">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="in" name="timeout" type="i"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="removePort"]]], 0, [dnl
|
||||
+ <method name="removePort">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="queryPort"]]], 0, [dnl
|
||||
+ <method name="queryPort">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="getPorts"]]], 0, [dnl
|
||||
+ <method name="getPorts">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ dnl NOTE: The signature is "aas", but getPorts() actually returns
|
||||
+ dnl "a(ss)". Apparently python-dbus coerces to "aas".
|
||||
+ <arg direction="out" type="aas"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Source Ports
|
||||
+DBUS_INTROSPECT([], [[//method[@name="addSourcePort"]]], 0, [dnl
|
||||
+ <method name="addSourcePort">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="in" name="timeout" type="i"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="removeSourcePort"]]], 0, [dnl
|
||||
+ <method name="removeSourcePort">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="querySourcePort"]]], 0, [dnl
|
||||
+ <method name="querySourcePort">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="getSourcePorts"]]], 0, [dnl
|
||||
+ <method name="getSourcePorts">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ dnl NOTE: The signature is "aas", but getPorts() actually returns
|
||||
+ dnl "a(ss)". Apparently python-dbus coerces to "aas".
|
||||
+ <arg direction="out" type="aas"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Forward Ports
|
||||
+DBUS_INTROSPECT([], [[//method[@name="addForwardPort"]]], 0, [dnl
|
||||
+ <method name="addForwardPort">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="in" name="toport" type="s"></arg>
|
||||
+ <arg direction="in" name="toaddr" type="s"></arg>
|
||||
+ <arg direction="in" name="timeout" type="i"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="removeForwardPort"]]], 0, [dnl
|
||||
+ <method name="removeForwardPort">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="in" name="toport" type="s"></arg>
|
||||
+ <arg direction="in" name="toaddr" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="queryForwardPort"]]], 0, [dnl
|
||||
+ <method name="queryForwardPort">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="port" type="s"></arg>
|
||||
+ <arg direction="in" name="protocol" type="s"></arg>
|
||||
+ <arg direction="in" name="toport" type="s"></arg>
|
||||
+ <arg direction="in" name="toaddr" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="getForwardPorts"]]], 0, [dnl
|
||||
+ <method name="getForwardPorts">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ dnl NOTE: The signature is "aas", but getPorts() actually returns
|
||||
+ dnl "a(ssss)". Apparently python-dbus coerces to "aas".
|
||||
+ <arg direction="out" type="aas"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Masquerade
|
||||
+DBUS_INTROSPECT([], [[//method[@name="addMasquerade"]]], 0, [dnl
|
||||
+ <method name="addMasquerade">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="timeout" type="i"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="removeMasquerade"]]], 0, [dnl
|
||||
+ <method name="removeMasquerade">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="queryMasquerade"]]], 0, [dnl
|
||||
+ <method name="queryMasquerade">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl ICMP Block
|
||||
+DBUS_INTROSPECT([], [[//method[@name="addIcmpBlock"]]], 0, [dnl
|
||||
+ <method name="addIcmpBlock">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="icmp" type="s"></arg>
|
||||
+ <arg direction="in" name="timeout" type="i"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="removeIcmpBlock"]]], 0, [dnl
|
||||
+ <method name="removeIcmpBlock">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="icmp" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="queryIcmpBlock"]]], 0, [dnl
|
||||
+ <method name="queryIcmpBlock">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="icmp" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="getIcmpBlocks"]]], 0, [dnl
|
||||
+ <method name="getIcmpBlocks">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="out" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl ICMP Block Inversion
|
||||
+DBUS_INTROSPECT([], [[//method[@name="addIcmpBlockInversion"]]], 0, [dnl
|
||||
+ <method name="addIcmpBlockInversion">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="removeIcmpBlockInversion"]]], 0, [dnl
|
||||
+ <method name="removeIcmpBlockInversion">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="queryIcmpBlockInversion"]]], 0, [dnl
|
||||
+ <method name="queryIcmpBlockInversion">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+dnl Rich Rules
|
||||
+DBUS_INTROSPECT([], [[//method[@name="addRichRule"]]], 0, [dnl
|
||||
+ <method name="addRichRule">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="rule" type="s"></arg>
|
||||
+ <arg direction="in" name="timeout" type="i"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="removeRichRule"]]], 0, [dnl
|
||||
+ <method name="removeRichRule">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="rule" type="s"></arg>
|
||||
+ <arg direction="out" type="s"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="queryRichRule"]]], 0, [dnl
|
||||
+ <method name="queryRichRule">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="in" name="rule" type="s"></arg>
|
||||
+ <arg direction="out" type="b"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+DBUS_INTROSPECT([], [[//method[@name="getRichRules"]]], 0, [dnl
|
||||
+ <method name="getRichRules">
|
||||
+ <arg direction="in" name="zone" type="s"></arg>
|
||||
+ <arg direction="out" type="as"></arg>
|
||||
+ </method>
|
||||
+])
|
||||
+
|
||||
+FWD_END_TEST
|
||||
--
|
||||
2.25.2
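Review bot: The `dnl NOTE` comments inside the expected output for `getSourcePorts` and `getForwardPorts` were copied from the `getPorts` case and still name `getPorts()` as the method whose return value differs from the declared signature. They should name the method under test, e.g. `dnl NOTE: The signature is "aas", but getSourcePorts() actually returns`, and the same with `getForwardPorts()` for the `"a(ssss)"` case. These three checks pin a declared signature (`aas`) that the comments themselves say does not match the value returned. A short comment near the top of the file, stating that the test covers only the introspection XML and not the marshalled return types, would keep a reader from treating it as a type check of the runtime API.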
|
||||
|
@ -0,0 +1,38 @@
|
||||
From ac3d706eb4bfead921c7e739e5e95a186bf35438 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Garver <eric@garver.life>
|
||||
Date: Wed, 8 Apr 2020 17:05:39 -0400
|
||||
Subject: [PATCH 09/10] fix: test/regression/gh599: use expr to be more
|
||||
portable
|
||||
|
||||
dash was failing due to not having "let". So lets use "expr" instead.
|
||||
|
||||
Fixes: e887c16512ab ("test: log: verify logging still works after truncate")
|
||||
(cherry picked from commit eba44b2ebeedccbac0329a56c86c5d8f26c30f9f)
|
||||
(cherry picked from commit cdd7c9d60624a443a0a07c29081d0ef68a384beb)
|
||||
---
|
||||
src/tests/regression/gh599.at | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/tests/regression/gh599.at b/src/tests/regression/gh599.at
|
||||
index 337e18018baf..b0a230733c85 100644
|
||||
--- a/src/tests/regression/gh599.at
|
||||
+++ b/src/tests/regression/gh599.at
|
||||
@@ -3,6 +3,7 @@ AT_KEYWORDS(gh599)
|
||||
|
||||
AT_SKIP_IF([! NS_CMD([which truncate >/dev/null 2>&1])])
|
||||
AT_SKIP_IF([! NS_CMD([which wc >/dev/null 2>&1])])
|
||||
+AT_SKIP_IF([! NS_CMD([which expr >/dev/null 2>&1])])
|
||||
|
||||
dnl Verify we continue to write to the log file after it's truncated. That is,
|
||||
dnl simulate logrotate's copytruncate.
|
||||
@@ -11,6 +12,6 @@ NS_CHECK([truncate -s 0 ./firewalld.log])
|
||||
dnl generate some logs
|
||||
FWD_CHECK([-q --add-service=this_does_not_exist], 101, [ignore], [ignore])
|
||||
|
||||
-NS_CHECK([sh -c 'let "$(cat ./firewalld.log | wc -c) > 0"'])
|
||||
+NS_CHECK([expr $(cat ./firewalld.log | wc -c) ">" 0], 0, [ignore], [ignore])
|
||||
|
||||
FWD_END_TEST([-e '/ERROR: INVALID_SERVICE: this_does_not_exist/d'])
|
||||
--
|
||||
2.25.2
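Review bot: The replacement check `expr $(cat ./firewalld.log | wc -c) ">" 0` only proves that some bytes reached the file after the truncate, not that the expected entry was logged, so any unrelated output would satisfy it. The preceding `FWD_CHECK` deliberately triggers `INVALID_SERVICE: this_does_not_exist` (the string that `FWD_END_TEST` filters), so the test could assert on that line instead, for example `NS_CHECK([grep "INVALID_SERVICE: this_does_not_exist" ./firewalld.log], 0, [ignore], [ignore])`. That would also make the `wc` and `expr` checks and their `AT_SKIP_IF` guards unnecessary. Whether that message is written at every log level is not visible in this hunk, so confirm it before switching.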
|
||||
|
@ -0,0 +1,27 @@
|
||||
From 10f7c0956e7c7054da9e6187aa525c23f65a8dfc Mon Sep 17 00:00:00 2001
|
||||
From: Eric Garver <eric@garver.life>
|
||||
Date: Tue, 14 Apr 2020 07:40:48 -0400
|
||||
Subject: [PATCH 10/10] fix(systemd): Conflict with nftables.service
|
||||
|
||||
(cherry picked from commit 7b6aff3a51a955399c782f48137405d0fa94e966)
|
||||
(cherry picked from commit fc00563ef029cb4c12c652725bfd3a3b5122d136)
|
||||
---
|
||||
config/firewalld.service.in | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/config/firewalld.service.in b/config/firewalld.service.in
|
||||
index b757a08f28dc..afbe0ac5def7 100644
|
||||
--- a/config/firewalld.service.in
|
||||
+++ b/config/firewalld.service.in
|
||||
@@ -4,7 +4,7 @@ Before=network-pre.target
|
||||
Wants=network-pre.target
|
||||
After=dbus.service
|
||||
After=polkit.service
|
||||
-Conflicts=iptables.service ip6tables.service ebtables.service ipset.service
|
||||
+Conflicts=iptables.service ip6tables.service ebtables.service ipset.service nftables.service
|
||||
Documentation=man:firewalld(1)
|
||||
|
||||
[Service]
|
||||
--
|
||||
2.25.2
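Review bot: `nftables.service` is added to `Conflicts=` without a comment, and the lines shown declare no ordering against it (`After=` lists only `dbus.service` and `polkit.service`). `Conflicts=` makes starting either unit stop the other, so on a host with `nftables.service` enabled the active ruleset depends on which unit starts last, and the unit file gives an administrator no hint why. I would add a comment above the line such as `# only one service may own the nftables ruleset; see nftables.service`, with the wording confirmed against the distribution's nftables unit. The `[Unit]` section starts outside this hunk, so check there whether an ordering dependency already exists.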
|
||||
|
@ -1,12 +1,20 @@
|
||||
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
|
||||
Name: firewalld
|
||||
Version: 0.8.0
|
||||
Release: 2%{?dist}
|
||||
Version: 0.8.2
|
||||
Release: 1%{?dist}
|
||||
URL: http://www.firewalld.org
|
||||
License: GPLv2+
|
||||
Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz
|
||||
Patch1: RHEL-only-0001-Add-cockpit-by-default-to-some-zones.patch
|
||||
Patch2: 0002-fix-CLI-service-also-output-helpers-for-service-info.patch
|
||||
Patch1: 0001-RHEL-only-Add-cockpit-by-default-to-some-zones.patch
|
||||
Patch2: 0002-RHEL-only-default-to-AllowZoneDrifting-yes.patch
|
||||
Patch3: 0003-fix-nftables-ipset-port-ranges-for-non-default-proto.patch
|
||||
Patch4: 0004-test-ipset-verify-port-ranges-for-non-default-protoc.patch
|
||||
Patch5: 0005-test-log-verify-logging-still-works-after-truncate.patch
|
||||
Patch6: 0006-fix-test-regression-gh599-fix-if-not-using-debug-out.patch
|
||||
Patch7: 0007-test-dbus-zone-verify-permanent-config-API-signature.patch
|
||||
Patch8: 0008-test-dbus-zone-verify-runtime-config-API-signatures.patch
|
||||
Patch9: 0009-fix-test-regression-gh599-use-expr-to-be-more-portab.patch
|
||||
Patch10: 0010-fix-systemd-Conflict-with-nftables.service.patch
|
||||
|
||||
BuildArch: noarch
|
||||
BuildRequires: autoconf
|
||||
@ -150,6 +158,7 @@ desktop-file-install --delete-original \
|
||||
%{_mandir}/man1/firewalld*.1*
|
||||
%{_mandir}/man5/firewall*.5*
|
||||
%{_sysconfdir}/modprobe.d/firewalld-sysctls.conf
|
||||
%{_sysconfdir}/logrotate.d/firewalld
|
||||
|
||||
%files -n python3-firewall
|
||||
%attr(0755,root,root) %dir %{python3_sitelib}/firewall
|
||||
@ -204,6 +213,15 @@ desktop-file-install --delete-original \
|
||||
%{_mandir}/man1/firewall-config*.1*
|
||||
|
||||
%changelog
|
||||
* Mon Apr 06 2020 Eric Garver <egarver@redhat.com> - 0.8.2-1
|
||||
- rebase to v0.8.2
|
||||
|
||||
* Thu Feb 27 2020 Eric Garver <egarver@redhat.com> - 0.8.0-4
|
||||
- doc: direct: add CAVEATS section
|
||||
|
||||
* Mon Feb 03 2020 Eric Garver <egarver@redhat.com> - 0.8.0-3
|
||||
- restore zone drifting as a feature
|
||||
|
||||
* Tue Nov 12 2019 Eric Garver <egarver@redhat.com> - 0.8.0-2
|
||||
- fix: CLI: service: also output helpers for service info
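Review bot: In the `%files` hunk, `%{_sysconfdir}/logrotate.d/firewalld` is listed without `%config(noreplace)`; it appears to be the line this hunk adds, though the rendering lost the `+` markers. A file under `/etc` that is not marked as configuration is replaced on every package update, so a site that adjusted rotation or retention for the firewall log would lose that change without notice. Suggested line: `%config(noreplace) %{_sysconfdir}/logrotate.d/firewalld`. Separately, the 0.8.2-1 changelog entry says only `rebase to v0.8.2`, while Patch10 changes unit behaviour (`Conflicts=` with `nftables.service`); a changelog line for that would help administrators reading `rpm -q --changelog`.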
|
||||
|
||||
|