File 0001-firewall-core-Always-reload-the-permanent-configurat.patch of Package firewalld

From 159acbb8e2b6853aa68ca84bb8b22c4438c2c7d4 Mon Sep 17 00:00:00 2001
From: Markos Chandras <mchandras@suse.de>
Date: Wed, 17 Oct 2018 10:39:42 +0100
Subject: [PATCH] firewall: core: Always reload the permanent configuration on
 firewall reloads

Even on --reload some runtime configuration was being retained. This was
a surprise to many users. This commit is based on upstream commit
242bc4e2e20c6944164fe2495598982b1cfcc4fe (Add "FlushAllOnReload" config
option). However, the upstream commit introduces a new configuration
variable to switch between the old and new behavior. Since the old
behavior is not desirable, we can use a much smaller patch to make
--reload/--complete-reload behave as expected.

Fixes: suze bz #1112008
---
 src/firewall/core/fw.py | 44 -----------------------------------------
 1 file changed, 44 deletions(-)

diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
index 21f5fc68..414af945 100644
--- a/src/firewall/core/fw.py
+++ b/src/firewall/core/fw.py
@@ -916,14 +916,6 @@ class Firewall(object):
     def reload(self, stop=False):
         _panic = self._panic
 
-        # save zone interfaces
-        _zone_interfaces = { }
-        for zone in self.zone.get_zones():
-            _zone_interfaces[zone] = self.zone.get_settings(zone)["interfaces"]
-        # save direct config
-        _direct_config = self.direct.get_runtime_config()
-        _old_dz = self.get_default_zone()
-
         # stop
         self.cleanup()
 
@@ -937,42 +929,6 @@ class Firewall(object):
             # etc. We'll re-raise it at the end.
             start_exception = e
 
-        # handle interfaces in the default zone and move them to the new
-        # default zone if it changed
-        _new_dz = self.get_default_zone()
-        if _new_dz != _old_dz:
-            # if_new_dz has been introduced with the reload, we need to add it
-            # https://github.com/firewalld/firewalld/issues/53
-            if _new_dz not in _zone_interfaces:
-                _zone_interfaces[_new_dz] = { }
-            # default zone changed. Move interfaces from old default zone to
-            # the new one.
-            for iface, settings in list(_zone_interfaces[_old_dz].items()):
-                if settings["__default__"]:
-                    # move only those that were added to default zone
-                    # (not those that were added to specific zone same as
-                    # default)
-                    _zone_interfaces[_new_dz][iface] = \
-                        _zone_interfaces[_old_dz][iface]
-                    del _zone_interfaces[_old_dz][iface]
-
-        # add interfaces to zones again
-        for zone in self.zone.get_zones():
-            if zone in _zone_interfaces:
-                self.zone.set_settings(zone, { "interfaces":
-                                               _zone_interfaces[zone] })
-                del _zone_interfaces[zone]
-            else:
-                log.info1("New zone '%s'.", zone)
-        if len(_zone_interfaces) > 0:
-            for zone in list(_zone_interfaces.keys()):
-                log.info1("Lost zone '%s', zone interfaces dropped.", zone)
-                del _zone_interfaces[zone]
-        del _zone_interfaces
-
-        # restore direct config
-        self.direct.set_config(_direct_config)
-
         # enable panic mode again if it has been enabled before or set policy
         # to ACCEPT
         if _panic:
-- 
2.19.0
