From c2e602b9fa037b10c843f43afbb2d1d3fc9b612a Mon Sep 17 00:00:00 2001
From: Eric Garver <egarver@redhat.com>
Date: Thu, 7 Jul 2022 10:36:56 -0400
Subject: [PATCH] fix: enable forward by default for Fedora zones

Upstream enabled forward [1] by default for stock zones in v1.0.0.
FedoraServer and FedoraWorkstation should follow upstream. This fixes
some out of the box issues for users.

e.g. wireguard doesn't work until user does `firewall-cmd --add-forward`

With this enabled wireguard and other VPNs will work out of the box.

[1]: https://firewalld.org/2020/04/intra-zone-forwarding
---
 FedoraServer.xml      | 1 +
 FedoraWorkstation.xml | 1 +
 firewalld.spec        | 5 ++++-
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/FedoraServer.xml b/FedoraServer.xml
index 617e131..62bc751 100644
--- a/FedoraServer.xml
+++ b/FedoraServer.xml
@@ -5,4 +5,5 @@
   <service name="ssh"/>
   <service name="dhcpv6-client"/>
   <service name="cockpit"/>
+  <forward/>
 </zone>
diff --git a/FedoraWorkstation.xml b/FedoraWorkstation.xml
index d29d550..7c37c97 100644
--- a/FedoraWorkstation.xml
+++ b/FedoraWorkstation.xml
@@ -7,4 +7,5 @@
   <service name="samba-client"/>
   <port protocol="udp" port="1025-65535"/>
   <port protocol="tcp" port="1025-65535"/>
+  <forward/>
 </zone>
diff --git a/firewalld.spec b/firewalld.spec
index e50e163..fdec5c2 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -1,7 +1,7 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
 Version: 1.2.0
-Release: 0%{?dist}
+Release: 2%{?dist}
 URL:     http://www.firewalld.org
 License: GPLv2+
 Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz
@@ -304,6 +304,9 @@ fi
 %{_mandir}/man1/firewall-config*.1*
 
 %changelog
+* Wed Jul 06 2022 Eric Garver <eric@garver.life> - 1.2.0-2
+- enable forward for Fedora zones
+
 * Wed Jul 06 2022 Eric Garver <eric@garver.life> - 1.2.0-1
 - rebase package to v1.2.0