fix: enable forward by default for Fedora zones

Upstream enabled forward [1] by default for stock zones in v1.0.0. FedoraServer and FedoraWorkstation should follow upstream. This fixes some out of the box issues for users. e.g. wireguard doesn't work until user does `firewall-cmd --add-forward` With this enabled wireguard and other VPNs will work out of the box. [1]: https://firewalld.org/2020/04/intra-zone-forwarding
2022-07-07 10:36:56 -04:00 · 2022-07-07 10:36:56 -04:00 · c2e602b9fa
commit c2e602b9fa
parent 7b910e1756
3 changed files with 6 additions and 1 deletions
--- a/FedoraServer.xml
+++ b/FedoraServer.xml
@ -5,4 +5,5 @@
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <service name="cockpit"/>
+  <forward/>
 </zone>
--- a/FedoraWorkstation.xml
+++ b/FedoraWorkstation.xml
@ -7,4 +7,5 @@
  <service name="samba-client"/>
  <port protocol="udp" port="1025-65535"/>
  <port protocol="tcp" port="1025-65535"/>
+  <forward/>
 </zone>
--- a/firewalld.spec
+++ b/firewalld.spec
@ -1,7 +1,7 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
 Version: 1.2.0
-Release: 0%{?dist}
+Release: 2%{?dist}
 URL:     http://www.firewalld.org
 License: GPLv2+
 Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz
@ -304,6 +304,9 @@ fi
 %{_mandir}/man1/firewall-config*.1*

 %changelog
+* Wed Jul 06 2022 Eric Garver <eric@garver.life> - 1.2.0-2
+- enable forward for Fedora zones
+
 * Wed Jul 06 2022 Eric Garver <eric@garver.life> - 1.2.0-1
 - rebase package to v1.2.0