Stop default zone rules being applied to all zones (RHBZ#912782)

2013-02-20 16:03:09 +01:00 · 2013-02-20 16:03:09 +01:00 · dd3c207d08
commit dd3c207d08
parent 045dfa5c6a
2 changed files with 38 additions and 1 deletions
--- a/firewalld-0.2.12-bz912782.patch
+++ b/firewalld-0.2.12-bz912782.patch
@ -0,0 +1,32 @@
+From 3253df596ab6f5e43d22dff3049600fc0de9c41b Mon Sep 17 00:00:00 2001
+From: Jiri Popelka <jpopelka@redhat.com>
+Date: Wed, 20 Feb 2013 14:58:40 +0100
+Subject: [PATCH 1/2] Stop default zone rules being applied to all zones
+ (RHBZ#912782)
+
+See https://bugzilla.redhat.com/show_bug.cgi?id=912782
+for description.
+
+Patch from Quentin Armitage
+---
+ src/firewall/core/fw_zone.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
+index 6d874e5..0fd0267 100644
+--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
+@@ -272,8 +272,9 @@ class FirewallZone:
+                     if target == "DROP" and table == "nat":
+                         # DROP is not supported in nat table
+                         continue
+                    action = "-g" if "_ZONE_" in target else "-j"
+                     rule = [ "%s_ZONES" % src_chain, "-t", table,
+-                             opt, interface, "-j", target ]
+                             opt, interface, action, target ]
+                     if enable and not append:
+                         rule.insert(1, "1")
+                     rules.append((ipv, rule))
+-- 
+1.8.1.2
+
--- a/firewalld.spec
+++ b/firewalld.spec
@ -1,7 +1,7 @@
 Summary: A firewall daemon with D-BUS interface providing a dynamic firewall
 Name: firewalld
 Version: 0.2.12
-Release: 2%{?dist}
+Release: 3%{?dist}
 URL: http://fedorahosted.org/firewalld
 License: GPLv2+
 ExclusiveOS: Linux
@ -13,6 +13,7 @@ Patch0: firewalld-0.2.6-MDNS-default.patch
 %endif
 Patch1: firewalld-0.2.12-conf.patch
 Patch2: firewalld-0.2.12-gtk.patch
+Patch3: firewalld-0.2.12-bz912782.patch
 BuildRequires: desktop-file-utils
 BuildRequires: gettext
 BuildRequires: intltool
@ -80,6 +81,7 @@ firewalld.

 %patch1 -p1
 %patch2 -p1
+%patch3 -p1

 %build
 %configure --with-systemd-unitdir=%{_unitdir}
@ -196,6 +198,9 @@ fi
 %{_datadir}/icons/hicolor/*/apps/firewall-config*.*

 %changelog
+* Wed Feb 20 2013 Jiri Popelka <jpopelka@redhat.com> - 0.2.12-3
+- Stop default zone rules being applied to all zones (RHBZ#912782)
+
 * Tue Jan 22 2013 Jiri Popelka <jpopelka@redhat.com> - 0.2.12-2
 - Default zone in firewalld.conf was reseted with every restart (RHBZ#902845)
 - Add icon cache related scriptlets for firewall-config (RHBZ#902680)