rebase to v0.6.0
parent
00cd29af08
commit
cb592bb50d
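--- a/.gitignore
+++ b/.gitignore
@@ -49,3 +49,4 @@
 /firewalld-0.5.1.tar.gz
 /firewalld-0.5.2.tar.gz
 /firewalld-0.5.3.tar.gz
+/firewalld-0.6.0.tar.gz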
@ -1,48 +0,0 @@
|
|||||||
From 0cf02b4c0d4a3b7f55ded6d4d41cf184bc1881e0 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Eric Garver <e@erig.me>
|
|
||||||
Date: Tue, 3 Jul 2018 09:12:28 -0400
|
|
||||||
Subject: [PATCH] IPv6 rpfilter: explicitly allow neighbor solicitation
|
|
||||||
|
|
||||||
Some kernel versions (4.16-4.17) have a bug which causes the rpfilter
|
|
||||||
extension to not match neighbor solicitation frames. This causes the
|
|
||||||
IPv6 rpfilter to mistakenly drop them. Lets work around the buggy kernel
|
|
||||||
versions by explicitly allowing neighbor solicitation.
|
|
||||||
|
|
||||||
Fixes: rhbz 1575431
|
|
||||||
(cherry picked from commit 3d6a5063566319b5df58c6f738f203e88724961e)
|
|
||||||
---
|
|
||||||
src/firewall/core/ipXtables.py | 11 ++++++++---
|
|
||||||
1 file changed, 8 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py
|
|
||||||
index 437808027155..c2aac90d838c 100644
|
|
||||||
--- a/src/firewall/core/ipXtables.py
|
|
||||||
+++ b/src/firewall/core/ipXtables.py
|
|
||||||
@@ -474,16 +474,21 @@ class ip6tables(ip4tables):
|
|
||||||
|
|
||||||
def apply_rpfilter_rules(self, transaction, log_denied=False):
|
|
||||||
transaction.add_rule(self.ipv,
|
|
||||||
- [ "-I", "PREROUTING", "1", "-t", "raw",
|
|
||||||
+ [ "-I", "PREROUTING", "1", "-t", "raw",
|
|
||||||
+ "-p", "ipv6-icmp",
|
|
||||||
+ "--icmpv6-type=neighbour-solicitation",
|
|
||||||
+ "-j", "ACCEPT" ]) # RHBZ#1575431, kernel bug in 4.16-4.17
|
|
||||||
+ transaction.add_rule(self.ipv,
|
|
||||||
+ [ "-I", "PREROUTING", "2", "-t", "raw",
|
|
||||||
"-p", "ipv6-icmp",
|
|
||||||
"--icmpv6-type=router-advertisement",
|
|
||||||
"-j", "ACCEPT" ]) # RHBZ#1058505
|
|
||||||
transaction.add_rule(self.ipv,
|
|
||||||
- [ "-I", "PREROUTING", "2", "-t", "raw",
|
|
||||||
+ [ "-I", "PREROUTING", "3", "-t", "raw",
|
|
||||||
"-m", "rpfilter", "--invert", "-j", "DROP" ])
|
|
||||||
if log_denied != "off":
|
|
||||||
transaction.add_rule(self.ipv,
|
|
||||||
- [ "-I", "PREROUTING", "2", "-t", "raw",
|
|
||||||
+ [ "-I", "PREROUTING", "3", "-t", "raw",
|
|
||||||
"-m", "rpfilter", "--invert",
|
|
||||||
"-j", "LOG",
|
|
||||||
"--log-prefix", "rpfilter_DROP: " ])
|
|
||||||
--
|
|
||||||
2.16.3
|
|
||||||
|
|
@ -1,18 +1,13 @@
|
|||||||
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
|
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
|
||||||
Name: firewalld
|
Name: firewalld
|
||||||
Version: 0.5.3
|
Version: 0.6.0
|
||||||
Release: 4%{?dist}
|
Release: 1%{?dist}
|
||||||
URL: http://www.firewalld.org
|
URL: http://www.firewalld.org
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Source0: https://github.com/firewalld/firewalld/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
Source0: https://github.com/firewalld/firewalld/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
||||||
%if 0%{?fedora}
|
|
||||||
Source1: FedoraServer.xml
|
Source1: FedoraServer.xml
|
||||||
Source2: FedoraWorkstation.xml
|
Source2: FedoraWorkstation.xml
|
||||||
%endif
|
|
||||||
%if 0%{?fedora}
|
|
||||||
Patch0: firewalld-0.2.6-MDNS-default.patch
|
Patch0: firewalld-0.2.6-MDNS-default.patch
|
||||||
Patch1: 0001-IPv6-rpfilter-explicitly-allow-neighbor-solicitation.patch
|
|
||||||
%endif
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
@ -25,33 +20,19 @@ BuildRequires: systemd-units
|
|||||||
BuildRequires: docbook-style-xsl
|
BuildRequires: docbook-style-xsl
|
||||||
BuildRequires: libxslt
|
BuildRequires: libxslt
|
||||||
BuildRequires: iptables, ebtables, ipset
|
BuildRequires: iptables, ebtables, ipset
|
||||||
|
BuildRequires: nftables
|
||||||
BuildRequires: python3-devel
|
BuildRequires: python3-devel
|
||||||
Requires: iptables, ebtables, ipset
|
Requires: iptables, ebtables, ipset
|
||||||
|
Requires: nftables >= 0.9.0
|
||||||
|
Requires: kernel >= 4.18.0
|
||||||
Requires(post): systemd
|
Requires(post): systemd
|
||||||
Requires(preun): systemd
|
Requires(preun): systemd
|
||||||
Requires(postun): systemd
|
Requires(postun): systemd
|
||||||
Requires: firewalld-filesystem = %{version}-%{release}
|
Requires: firewalld-filesystem = %{version}-%{release}
|
||||||
Requires: python3-firewall = %{version}-%{release}
|
Requires: python3-firewall = %{version}-%{release}
|
||||||
%if 0%{?fedora} == 23
|
|
||||||
Conflicts: selinux-policy < 3.13.1-158.25
|
|
||||||
%endif
|
|
||||||
%if 0%{?fedora} == 24
|
|
||||||
Conflicts: selinux-policy < 3.13.1-191.23
|
|
||||||
%endif
|
|
||||||
%if 0%{?fedora} == 25
|
|
||||||
Conflicts: selinux-policy < 3.13.1-225
|
|
||||||
%endif
|
|
||||||
%if 0%{?fedora} > 25
|
|
||||||
Conflicts: selinux-policy < 3.13.1-227
|
|
||||||
%endif
|
|
||||||
%if 0%{?rhel} >= 7
|
|
||||||
Conflicts: selinux-policy < 3.13.1-89
|
|
||||||
Conflicts: squid < 7:3.5.10-1
|
|
||||||
%endif
|
|
||||||
# Obsolete firewalld-selinux-0.4.4.2-1
|
|
||||||
Obsoletes: firewalld-selinux < 0.4.4.2-2
|
Obsoletes: firewalld-selinux < 0.4.4.2-2
|
||||||
|
Conflicts: selinux-policy < 3.14.1-28
|
||||||
|
|
||||||
%if 0%{?fedora} > 21
|
|
||||||
Provides: variant_config(Server)
|
Provides: variant_config(Server)
|
||||||
Provides: variant_config(Workstation)
|
Provides: variant_config(Workstation)
|
||||||
|
|
||||||
@ -60,7 +41,6 @@ Obsoletes: firewalld-config-standard <= 0.3.15
|
|||||||
Obsoletes: firewalld-config-cloud <= 0.3.15
|
Obsoletes: firewalld-config-cloud <= 0.3.15
|
||||||
Obsoletes: firewalld-config-server <= 0.3.15
|
Obsoletes: firewalld-config-server <= 0.3.15
|
||||||
Obsoletes: firewalld-config-workstation <= 0.3.15
|
Obsoletes: firewalld-config-workstation <= 0.3.15
|
||||||
%endif
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
firewalld is a firewall service daemon that provides a dynamic customizable
|
firewalld is a firewall service daemon that provides a dynamic customizable
|
||||||
@ -76,11 +56,7 @@ Obsoletes: python2-firewall < 0.5.2-2
|
|||||||
Requires: python3-dbus
|
Requires: python3-dbus
|
||||||
Requires: python3-slip-dbus
|
Requires: python3-slip-dbus
|
||||||
Requires: python3-decorator
|
Requires: python3-decorator
|
||||||
%if (0%{?fedora} >= 23 || 0%{?rhel} >= 8)
|
|
||||||
Requires: python3-gobject-base
|
Requires: python3-gobject-base
|
||||||
%else
|
|
||||||
Requires: python3-gobject
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%description -n python3-firewall
|
%description -n python3-firewall
|
||||||
Python3 bindings for firewalld.
|
Python3 bindings for firewalld.
|
||||||
@ -97,11 +73,7 @@ Summary: Firewall panel applet
|
|||||||
Requires: %{name} = %{version}-%{release}
|
Requires: %{name} = %{version}-%{release}
|
||||||
Requires: firewall-config = %{version}-%{release}
|
Requires: firewall-config = %{version}-%{release}
|
||||||
Requires: hicolor-icon-theme
|
Requires: hicolor-icon-theme
|
||||||
%if 0%{?fedora} >= 26
|
|
||||||
Requires: python3-qt5-base
|
Requires: python3-qt5-base
|
||||||
%else
|
|
||||||
Requires: python3-qt5
|
|
||||||
%endif
|
|
||||||
Requires: python3-gobject
|
Requires: python3-gobject
|
||||||
Requires: libnotify
|
Requires: libnotify
|
||||||
Requires: NetworkManager-libnm
|
Requires: NetworkManager-libnm
|
||||||
@ -127,8 +99,6 @@ firewalld.
|
|||||||
%prep
|
%prep
|
||||||
%autosetup -p1
|
%autosetup -p1
|
||||||
./autogen.sh
|
./autogen.sh
|
||||||
sed -i -e 's|/usr/bin/python -Es|%{__python3} -Es|' ./fix_python_shebang.sh
|
|
||||||
sed -i 's|/usr/bin/python|%{__python3}|' ./config/lockdown-whitelist.xml
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure --enable-sysconfig --enable-rpmmacros PYTHON=%{__python3}
|
%configure --enable-sysconfig --enable-rpmmacros PYTHON=%{__python3}
|
||||||
@ -145,7 +115,6 @@ desktop-file-install --delete-original \
|
|||||||
--dir %{buildroot}%{_datadir}/applications \
|
--dir %{buildroot}%{_datadir}/applications \
|
||||||
%{buildroot}%{_datadir}/applications/firewall-config.desktop
|
%{buildroot}%{_datadir}/applications/firewall-config.desktop
|
||||||
|
|
||||||
%if 0%{?fedora} > 20
|
|
||||||
install -d -m 755 %{buildroot}%{_prefix}/lib/firewalld/zones/
|
install -d -m 755 %{buildroot}%{_prefix}/lib/firewalld/zones/
|
||||||
install -c -m 644 %{SOURCE1} %{buildroot}%{_prefix}/lib/firewalld/zones/FedoraServer.xml
|
install -c -m 644 %{SOURCE1} %{buildroot}%{_prefix}/lib/firewalld/zones/FedoraServer.xml
|
||||||
install -c -m 644 %{SOURCE2} %{buildroot}%{_prefix}/lib/firewalld/zones/FedoraWorkstation.xml
|
install -c -m 644 %{SOURCE2} %{buildroot}%{_prefix}/lib/firewalld/zones/FedoraWorkstation.xml
|
||||||
@ -167,7 +136,6 @@ sed -i 's|^DefaultZone=.*|DefaultZone=FedoraWorkstation|g' \
|
|||||||
%{buildroot}%{_sysconfdir}/firewalld/firewalld-workstation.conf
|
%{buildroot}%{_sysconfdir}/firewalld/firewalld-workstation.conf
|
||||||
|
|
||||||
rm -f %{buildroot}%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
|
rm -f %{buildroot}%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
|
||||||
%endif
|
|
||||||
|
|
||||||
%find_lang %{name} --all-name
|
%find_lang %{name} --all-name
|
||||||
|
|
||||||
@ -180,7 +148,6 @@ rm -f %{buildroot}%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.poli
|
|||||||
%postun
|
%postun
|
||||||
%systemd_postun_with_restart firewalld.service
|
%systemd_postun_with_restart firewalld.service
|
||||||
|
|
||||||
%if 0%{?fedora} > 21
|
|
||||||
%posttrans
|
%posttrans
|
||||||
# If we don't yet have a symlink or existing file for firewalld.conf,
|
# If we don't yet have a symlink or existing file for firewalld.conf,
|
||||||
# create it. Note: this will intentionally reset the policykit policy
|
# create it. Note: this will intentionally reset the policykit policy
|
||||||
@ -213,14 +180,12 @@ if [ ! -e %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy ]; th
|
|||||||
ln -sf org.fedoraproject.FirewallD1.server.policy.choice %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
|
ln -sf org.fedoraproject.FirewallD1.server.policy.choice %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
%endif
|
|
||||||
|
|
||||||
%files -f %{name}.lang
|
%files -f %{name}.lang
|
||||||
%doc COPYING README
|
%doc COPYING README
|
||||||
%{_sbindir}/firewalld
|
%{_sbindir}/firewalld
|
||||||
%{_bindir}/firewall-cmd
|
%{_bindir}/firewall-cmd
|
||||||
%{_bindir}/firewall-offline-cmd
|
%{_bindir}/firewall-offline-cmd
|
||||||
%{_bindir}/firewallctl
|
|
||||||
%dir %{_datadir}/bash-completion/completions
|
%dir %{_datadir}/bash-completion/completions
|
||||||
%{_datadir}/bash-completion/completions/firewall-cmd
|
%{_datadir}/bash-completion/completions/firewall-cmd
|
||||||
%{_prefix}/lib/firewalld/icmptypes/*.xml
|
%{_prefix}/lib/firewalld/icmptypes/*.xml
|
||||||
@ -228,18 +193,11 @@ fi
|
|||||||
%{_prefix}/lib/firewalld/services/*.xml
|
%{_prefix}/lib/firewalld/services/*.xml
|
||||||
%{_prefix}/lib/firewalld/zones/*.xml
|
%{_prefix}/lib/firewalld/zones/*.xml
|
||||||
%{_prefix}/lib/firewalld/helpers/*.xml
|
%{_prefix}/lib/firewalld/helpers/*.xml
|
||||||
%{_prefix}/lib/firewalld/xmlschema/check.sh
|
|
||||||
%{_prefix}/lib/firewalld/xmlschema/*.xsd
|
|
||||||
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld
|
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld
|
||||||
%if 0%{?fedora} > 21
|
|
||||||
%ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
|
%ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
|
||||||
%config(noreplace) %{_sysconfdir}/firewalld/firewalld-standard.conf
|
%config(noreplace) %{_sysconfdir}/firewalld/firewalld-standard.conf
|
||||||
%config(noreplace) %{_sysconfdir}/firewalld/firewalld-server.conf
|
%config(noreplace) %{_sysconfdir}/firewalld/firewalld-server.conf
|
||||||
%config(noreplace) %{_sysconfdir}/firewalld/firewalld-workstation.conf
|
%config(noreplace) %{_sysconfdir}/firewalld/firewalld-workstation.conf
|
||||||
%endif
|
|
||||||
%if 0%{?rhel} >= 8
|
|
||||||
%config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
|
|
||||||
%endif
|
|
||||||
%config(noreplace) %{_sysconfdir}/firewalld/lockdown-whitelist.xml
|
%config(noreplace) %{_sysconfdir}/firewalld/lockdown-whitelist.xml
|
||||||
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/helpers
|
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/helpers
|
||||||
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/icmptypes
|
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/icmptypes
|
||||||
@ -252,14 +210,8 @@ fi
|
|||||||
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/FirewallD.conf
|
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/FirewallD.conf
|
||||||
%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.desktop.policy.choice
|
%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.desktop.policy.choice
|
||||||
%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.server.policy.choice
|
%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.server.policy.choice
|
||||||
%if 0%{?fedora} > 21
|
|
||||||
%ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
|
%ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
|
||||||
%endif
|
|
||||||
%if 0%{?rhel} >= 8
|
|
||||||
%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
|
|
||||||
%endif
|
|
||||||
%{_mandir}/man1/firewall*cmd*.1*
|
%{_mandir}/man1/firewall*cmd*.1*
|
||||||
%{_mandir}/man1/firewallctl*.1*
|
|
||||||
%{_mandir}/man1/firewalld*.1*
|
%{_mandir}/man1/firewalld*.1*
|
||||||
%{_mandir}/man5/firewall*.5*
|
%{_mandir}/man5/firewall*.5*
|
||||||
%{_sysconfdir}/modprobe.d/firewalld-sysctls.conf
|
%{_sysconfdir}/modprobe.d/firewalld-sysctls.conf
|
||||||
@ -293,7 +245,6 @@ fi
|
|||||||
%dir %{_prefix}/lib/firewalld/ipsets
|
%dir %{_prefix}/lib/firewalld/ipsets
|
||||||
%dir %{_prefix}/lib/firewalld/services
|
%dir %{_prefix}/lib/firewalld/services
|
||||||
%dir %{_prefix}/lib/firewalld/zones
|
%dir %{_prefix}/lib/firewalld/zones
|
||||||
%dir %{_prefix}/lib/firewalld/xmlschema
|
|
||||||
%{_rpmconfigdir}/macros.d/macros.firewalld
|
%{_rpmconfigdir}/macros.d/macros.firewalld
|
||||||
|
|
||||||
%files -n firewall-applet
|
%files -n firewall-applet
|
||||||
@ -318,6 +269,10 @@ fi
|
|||||||
%{_mandir}/man1/firewall-config*.1*
|
%{_mandir}/man1/firewall-config*.1*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 19 2018 Eric Garver <egarver@redhat.com> - 0.6.0-1
|
||||||
|
- rebase package to v0.6.0
|
||||||
|
- simplify spec file
|
||||||
|
|
||||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-4
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-4
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
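Review bot: `Requires: kernel >= 4.18.0` only constrains which kernel package is installed, not the kernel that is actually running, so it should not be treated as a substitute for the dropped `Patch1` rpfilter workaround, whose own comment ties it to a kernel bug in 4.16-4.17. A host that has not rebooted since its kernel update, or a container on an older host kernel, satisfies the dependency and would still drop IPv6 neighbour solicitation in the raw PREROUTING rpfilter rule if the fix is missing. Before merging, confirm that the v0.6.0 tarball contains upstream commit 3d6a5063566319b5df58c6f738f203e88724961e, and add a spec comment above the dependency such as `# RPM checks the installed kernel package only; the running kernel may be older`. The hard dependency also pulls a kernel package into installs that otherwise carry none, which deserves a deliberate decision rather than a side effect of the rebase.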
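--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (firewalld-0.5.3.tar.gz) = be6074f1b02d42635c7f03a32372290365229caef91fda72c3c29cf3d2e4232e1901a79ccd27357e0cb69db9fc22730c957d479eefe0070c690fddabdcd0799d
+SHA512 (firewalld-0.6.0.tar.gz) = 38f757c9cdfdd3cc2765c94253581f01bad2f9ce279f96add0f4c6517200452ce1e38ed5b08fb2fba34b064cf93de0cdb50e8e10bf42efea0bc34032716dd5b6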