Red Hat Bugzilla – Attachment 666229 Details for
Bug 888288
qemu-kvm/libvirt guests unable to do many ipv4 & ipv6 functions working on F17
[patch]
Use default zone for all interfaces, that are not set to part of another zone.
firewalld-default_zone.patch (text/plain), 5.05 KB, created by
Thomas Woerner
on 2012-12-19 17:21:09 UTC
Description:
Use default zone for all interfaces, that are not set to part of another zone.
Filename:
MIME Type:
Creator:
Thomas Woerner
Created:
2012-12-19 17:21:09 UTC
Size:
5.05 KB
patch
obsolete
>diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in
>index a35b8ec..32943fd 100644
>--- a/src/firewall/config/__init__.py.in
>+++ b/src/firewall/config/__init__.py.in
>@@ -72,4 +72,7 @@ FIREWALLD_ICMPTYPES = USR_LIB_FIREWALLD + '/icmptypes'
>
> FIREWALLD_LOGFILE = '/var/log/firewalld'
>
>+FALLBACK_ZONE = "public"
>+FALLBACK_MINIMAL_MARK = 100
>+
> SYSCTL_CONFIG = '/etc/sysctl.conf'
>diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
>index ee4b240..b6482f9 100644
>--- a/src/firewall/core/fw.py
>+++ b/src/firewall/core/fw.py
>@@ -68,10 +68,10 @@ class Firewall:
> def __init_vars(self):
> self._state = "INIT"
> self._panic = False
>- self._default_zone = "public" # initial default, will be overloaded by firewalld.conf
>+ self._default_zone = ""
> self._module_refcount = { }
> self._marks = [ ]
>- self._min_mark = 100 # initial default, will be overloaded by firewalld.conf
>+ self._min_mark = FALLBACK_MINIMAL_MARK # will be overloaded by firewalld.conf
> self.cleanup_on_exit = True
>
> def start(self):
>@@ -101,6 +101,8 @@ class Firewall:
> self._flush()
> self._set_policy("ACCEPT")
>
>+ default_zone = FALLBACK_ZONE
>+
> # load firewalld config
> log.debug1("Loading firewalld config file '%s'", FIREWALLD_CONF)
> try:
>@@ -110,7 +112,7 @@ class Firewall:
> FIREWALLD_CONF, msg)
> else:
> if self._firewalld_conf.get("DefaultZone"):
>- self._default_zone = self._firewalld_conf.get("DefaultZone")
>+ default_zone = self._firewalld_conf.get("DefaultZone")
> if self._firewalld_conf.get("MinimalMark"):
> mark = self._firewalld_conf.get("MinimalMark")
> try:
>@@ -158,7 +160,7 @@ class Firewall:
> sys.exit(1)
>
> # check if default_zone is a valid zone
>- if self._default_zone not in self.zone.get_zones():
>+ if default_zone not in self.zone.get_zones():
> if "public" in self.zone.get_zones():
> zone = "public"
> elif "external" in self.zone.get_zones():
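Review bot: `self._default_zone = ""` in `__init_vars` leaves the object with an empty default zone from construction until the `set_default_zone(default_zone)` call that a later hunk adds at the end of `start()`. Anything that reads `_default_zone` in that window, or after a `start()` that exits early, gets an empty string instead of a usable zone name. I would keep the sentinel but document it, e.g. `self._default_zone = "" # unset until start() calls set_default_zone()`, and confirm that no reader outside these hunks assumes a non-empty value. `__init_vars` and `start()` both continue outside the hunk.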
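Review bot: The fallback chain in the validity check (`@@ -158` hunk) still hard-codes `"public"` although this patch introduces `FALLBACK_ZONE` for that same value. Changing the constant would therefore alter the pre-config default but not the zone chosen when the configured one is invalid. Using the constant here, `if FALLBACK_ZONE in self.zone.get_zones(): zone = FALLBACK_ZONE`, keeps the two in step. The `elif`/`else` branches of this check continue in the next hunk.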
>@@ -167,10 +169,12 @@ class Firewall:
> zone = "block" # block is a base zone, therefore it has to exist
>
> log.error("Default zone '%s' is not valid. Using '%s'.",
>- self._default_zone, zone)
>- self._default_zone = zone
>+ default_zone, zone)
>+ default_zone = zone
> else:
>- log.debug1("Using default zone '%s'", self._default_zone)
>+ log.debug1("Using default zone '%s'", default_zone)
>+
>+ self.set_default_zone(default_zone)
>
> self._state = "RUNNING"
>
>@@ -558,6 +562,10 @@ class Firewall:
> self._firewalld_conf.set("DefaultZone", _zone)
> self._firewalld_conf.write()
>
>+ # remove old default zone from ZONES and add new default zone
>+ # only if explicit_default is disabled
>+ self.zone.change_default_zone(_old_dz, zone)
>+
> # Move interfaces from old default zone to the new one.
> _old_dz_settings = self.zone.get_settings(_old_dz)
> for iface, settings in _old_dz_settings["interfaces"].items():
>diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
>index 99bb6b4..9d3ee5d 100644
>--- a/src/firewall/core/fw_zone.py
>+++ b/src/firewall/core/fw_zone.py
>@@ -249,7 +249,7 @@ class FirewallZone:
> self.check_interface(interface)
> return interface
>
>- def __interface(self, enable, zone, interface):
>+ def __interface(self, enable, zone, interface, append=False):
> rules = [ ]
> for table in ZONE_CHAINS:
> for chain in ZONE_CHAINS[table]:
>@@ -273,11 +273,14 @@ class FirewallZone:
> if target == "DROP" and table == "nat":
> # DROP is not supported in nat table
> continue
>- rules.append((ipv, [ "%s_ZONES" % src_chain, "-t", table,
>- opt, interface, "-j", target ]))
>+ rule = [ "%s_ZONES" % src_chain, "-t", table,
>+ opt, interface, "-j", target ]
>+ if not append:
>+ rule.insert(1, "1")
>+ rules.append((ipv, rule))
>
> # handle rules
>- ret = self._fw.handle_rules(rules, enable)
>+ ret = self._fw.handle_rules(rules, enable, not append)
> if ret:
> (cleanup_rules, msg) = ret
> self._fw.handle_rules(cleanup_rules, not enable)
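Review bot: Calling `self.set_default_zone(default_zone)` from `start()` routes startup through the runtime setter, and the lines visible in the `@@ -558` hunk show that setter calling `self._firewalld_conf.set("DefaultZone", _zone)` followed by `write()`. If nothing outside the hunk short-circuits that, every start rewrites firewalld.conf, and on the error path above the substituted fallback zone replaces the administrator's configured value on disk instead of applying only to this run. A firewall that silently rewrites its own policy file after a typo is hard to audit, so I would separate applying the zone rules from persisting the setting, or skip the write when called from startup. Most of `set_default_zone` is outside these hunks, so this needs confirming against the full function.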
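Review bot: The added call in the `@@ -558` hunk passes `zone` while the two lines just above persist `_zone`; if `_zone` is the checked form of the argument (its assignment is outside the hunk), the rule change should use it too: `self.zone.change_default_zone(_old_dz, _zone)`. The following context line `self.zone.get_settings(_old_dz)` is now also reached on the first call from `start()`, where `_old_dz` is presumably the empty string set in `__init_vars`; `change_default_zone` guards that case but this lookup does not in the visible lines. The comment also mentions `explicit_default`, which nothing in the hunk tests, so either the condition is missing or the comment should be reworded.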
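Review bot: In the `@@ -273` hunk the failure path still calls `self._fw.handle_rules(cleanup_rules, not enable)` without the third argument that the main call now passes as `not append`, so rollback runs in whatever mode `handle_rules` defaults to, not the mode used to install the rules. Whether that matters depends on how `handle_rules` treats the `"1"` position element, and its definition is not part of this patch. A rollback that fails to remove a partially applied zone rule leaves the ruleset in an unintended state, so I would pass the same flag, `self._fw.handle_rules(cleanup_rules, not enable, not append)`, and use a keyword argument at both call sites in place of a bare boolean. `__interface` begins in the previous hunk and continues past this one.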
>@@ -321,6 +324,13 @@ class FirewallZone:
>
> return self.add_interface(zone, interface, sender)
>
>+ def change_default_zone(self, old_zone, new_zone):
>+ self._fw.check_panic()
>+
>+ self.__interface(True, new_zone, "+", True)
>+ if old_zone != None and old_zone != "":
>+ self.__interface(False, old_zone, "+", True)
>+
> def remove_interface(self, zone, interface):
> self._fw.check_panic()
> zoi = self.get_zone_of_interface(interface)
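Review bot: `change_default_zone` has no docstring and relies on two undocumented conventions: `"+"` as the interface (the iptables wildcard that matches every interface name) and a positional `True` for `append`. Zone selection is only correct while this catch-all rule stays after every per-interface rule in the `*_ZONES` chains, which holds because other callers leave `append` at its default and get position 1. That ordering invariant deserves a comment here, since a catch-all that ends up ahead of a specific rule would place an interface in the wrong zone. I would also write the calls as `self.__interface(True, new_zone, "+", append=True)` and simplify the guard to `if old_zone:`. `new_zone` is not validated in this method, so it relies on the caller having checked it.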
Attachments on
bug 888288
:
666203
|
666225
| 666229