File 0001-firewall-core-Always-reload-the-permanent-configurat.patch of Package firewalld.9185
From 159acbb8e2b6853aa68ca84bb8b22c4438c2c7d4 Mon Sep 17 00:00:00 2001
From: Markos Chandras <mchandras@suse.de>
Date: Wed, 17 Oct 2018 10:39:42 +0100
Subject: [PATCH] firewall: core: Always reload the permanent configuration on
firewall reloads
Even on --reload some runtime configuration was being retained. This was
a surprise to many users. This commit is based on upstream commit
242bc4e2e20c6944164fe2495598982b1cfcc4fe (Add "FlushAllOnReload" config
option). However, the upstream commit introduces a new configuration
variable to switch between the old and new behavior. Since the old
behavior is not desirable, we can use a much smaller patch to make
--reload/--complete-reload behave as expected.
Fixes: SUSE bz #1112008
---
src/firewall/core/fw.py | 44 -----------------------------------------
1 file changed, 44 deletions(-)
diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
index 21f5fc68..414af945 100644
--- a/src/firewall/core/fw.py
+++ b/src/firewall/core/fw.py
@@ -916,14 +916,6 @@ class Firewall(object):
def reload(self, stop=False):
_panic = self._panic
- # save zone interfaces
- _zone_interfaces = { }
- for zone in self.zone.get_zones():
- _zone_interfaces[zone] = self.zone.get_settings(zone)["interfaces"]
- # save direct config
- _direct_config = self.direct.get_runtime_config()
- _old_dz = self.get_default_zone()
-
# stop
self.cleanup()
@@ -937,42 +929,6 @@ class Firewall(object):
# etc. We'll re-raise it at the end.
start_exception = e
- # handle interfaces in the default zone and move them to the new
- # default zone if it changed
- _new_dz = self.get_default_zone()
- if _new_dz != _old_dz:
- # if_new_dz has been introduced with the reload, we need to add it
- # https://github.com/firewalld/firewalld/issues/53
- if _new_dz not in _zone_interfaces:
- _zone_interfaces[_new_dz] = { }
- # default zone changed. Move interfaces from old default zone to
- # the new one.
- for iface, settings in list(_zone_interfaces[_old_dz].items()):
- if settings["__default__"]:
- # move only those that were added to default zone
- # (not those that were added to specific zone same as
- # default)
- _zone_interfaces[_new_dz][iface] = \
- _zone_interfaces[_old_dz][iface]
- del _zone_interfaces[_old_dz][iface]
-
- # add interfaces to zones again
- for zone in self.zone.get_zones():
- if zone in _zone_interfaces:
- self.zone.set_settings(zone, { "interfaces":
- _zone_interfaces[zone] })
- del _zone_interfaces[zone]
- else:
- log.info1("New zone '%s'.", zone)
- if len(_zone_interfaces) > 0:
- for zone in list(_zone_interfaces.keys()):
- log.info1("Lost zone '%s', zone interfaces dropped.", zone)
- del _zone_interfaces[zone]
- del _zone_interfaces
-
- # restore direct config
- self.direct.set_config(_direct_config)
-
# enable panic mode again if it has been enabled before or set policy
# to ACCEPT
if _panic:
--
2.19.0