Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package firewalld for openSUSE:Factory checked in at 2021-02-01 13:25:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firewalld (Old) and /work/SRC/openSUSE:Factory/.firewalld.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "firewalld" Mon Feb 1 13:25:19 2021 rev:55 rq:866985 version:0.9.3 Changes: -------- --- /work/SRC/openSUSE:Factory/firewalld/firewalld.changes 2021-01-18 11:30:45.444498720 +0100 +++ /work/SRC/openSUSE:Factory/.firewalld.new.28504/firewalld.changes 2021-02-01 13:25:24.957842445 +0100 @@ -1,0 +2,18 @@ +Tue Jan 26 16:33:10 UTC 2021 - Micha�� Rostecki <mrostecki@suse.com> + +- Disable FlushAllOnReload option to not retain interface to zone + assignments and direct rules when using --reload option. + * 0002-Disable-FlushAllOnReload-option.patch + +------------------------------------------------------------------- +Mon Jan 25 11:29:37 UTC 2021 - Micha�� Rostecki <mrostecki@suse.com> + +- Update to 0.9.3 (jsc#SLE-17336): + * docs(dbus): fix invalid method names + * fix(forward): iptables: ipset used as zone source + * fix(rich): non-printable characters removed from rich rules + * docs(firewall-cmd): small description grammar fix + * fix(rich): limit table to strip non-printables to C0 and C1 + * fix(zone): add source with mac address + +------------------------------------------------------------------- @@ -10 +28 @@ - nftables: + nftables (jsc#SLE-16300): @@ -15 +33 @@ - (rhbz#1817022) + (rhbz#1817022, jsc#SLE-16300) Old: ---- firewalld-0.9.1.tar.gz New: ---- 0002-Disable-FlushAllOnReload-option.patch firewalld-0.9.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firewalld.spec ++++++ --- /var/tmp/diff_new_pack.0tOtq5/_old 2021-02-01 13:25:25.737843669 +0100 +++ /var/tmp/diff_new_pack.0tOtq5/_new 2021-02-01 13:25:25.737843669 +0100 @@ -21,7 +21,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: firewalld -Version: 0.9.1 +Version: 0.9.3 Release: 0 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall License: GPL-2.0-or-later @@ -29,7 +29,7 @@ Url: http://www.firewalld.org Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz Source1: docker-zone.xml - +Patch0: 0002-Disable-FlushAllOnReload-option.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: desktop-file-utils ++++++ 0002-Disable-FlushAllOnReload-option.patch ++++++ From b1145d3efc58220f58a4e67189c4ff4a8bd789ce Mon Sep 17 00:00:00 2001 From: Michal Rostecki <mrostecki@opensuse.org> Date: Mon, 25 Jan 2021 12:58:00 +0100 Subject: [PATCH] Disable FlushAllOnReload option Disabling the FlushAllOnReload option restores the old behavior where --reload does not retain interface to zone assignmnets and direct rules. We want to keep that behavior in openSUSE and SLE Signed-off-by: Michal Rostecki <mrostecki@opensuse.org> --- config/firewalld.conf | 4 ++-- doc/xml/firewalld.conf.xml | 2 +- src/firewall/config/__init__.py.in | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/firewalld.conf b/config/firewalld.conf index 532f0452..e789f2a7 100644 --- a/config/firewalld.conf +++ b/config/firewalld.conf @@ -52,8 +52,8 @@ FirewallBackend=nftables # configuration was retained during a reload, namely; interface to zone # assignment, and direct rules. This was confusing to users. To get the old # behavior set this to "no". -# Default: yes -FlushAllOnReload=yes +# Default: no +FlushAllOnReload=no # RFC3964_IPv4 # As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml index fcfbfd2b..8415ba3e 100644 --- a/doc/xml/firewalld.conf.xml +++ b/doc/xml/firewalld.conf.xml @@ -166,7 +166,7 @@ runtime configuration was retained during a reload, namely; interface to zone assignment, and direct rules. This was confusing to users. To get the old behavior set this to "no". - Defaults to "yes". + Defaults to "no". </para> </listitem> </varlistentry> diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in index e875e849..df6f449b 100644 --- a/src/firewall/config/__init__.py.in +++ b/src/firewall/config/__init__.py.in @@ -131,6 +131,6 @@ FALLBACK_INDIVIDUAL_CALLS = False FALLBACK_LOG_DENIED = "off" FALLBACK_AUTOMATIC_HELPERS = "no" FALLBACK_FIREWALL_BACKEND = "nftables" -FALLBACK_FLUSH_ALL_ON_RELOAD = True +FALLBACK_FLUSH_ALL_ON_RELOAD = False FALLBACK_RFC3964_IPV4 = True FALLBACK_ALLOW_ZONE_DRIFTING = False -- 2.30.0 ++++++ firewalld-0.9.1.tar.gz -> firewalld-0.9.3.tar.gz ++++++ ++++ 5092 lines of diff (skipped)