Bug ID 1202043
Summary firewalld can no more use ipsets with iptables
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Network
Assignee screening-team-bugs@suse.de
Reporter arvidjaar@gmail.com
QA Contact qa-bugs@suse.de
CC trenn@suse.com
Found By ---
Blocker --- 

Firewalld checks availability of various tools at build time. After this:

* Thu Jul 14 2022 Thomas Renninger <trenn@suse.de>
- Also remove ipset, ebtables and iptables from the BuildRequires
  list (compare with change from 2022-03-03 - Thorsten Kukuk <kukuk@suse.com>)

firewalld cannot use these tools

COMMANDS = {
    "ipv4":         "/sbin/iptables",
    "ipv4-restore": "/sbin/iptables-restore",
    "ipv6":         "/sbin/ip6tables",
    "ipv6-restore": "/sbin/ip6tables-restore",
    "eb":           "/bin/false",
    "eb-restore":   "/bin/false",
    "ipset":        "/bin/false",
    "modprobe":     "/sbin/modprobe",
    "rmmod":        "/sbin/rmmod",
}

iptables happen to works because they are still in BuildRequies, even though
changelog entry claims to remove them.

If the goal is to completely disable even possibility to use iptables, this
should at least be consistent and certainly better communicated. Otherwise
either these BuildRequires are needed, or firewalld has to be built with
explicit --with-iptables etc providing full path to respective tools.

You are receiving this mail because: