Bug 1125851
| Summary: | Zone x Sources conflicts are handled differently than mentioned in documentation | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jakub Jelen <jjelen> |
| Component: | firewalld | Assignee: | Thomas Woerner <twoerner> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | jpopelka, twoerner |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | firewalld-0.3.11-3.fc20 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-09-13 06:52:17 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1017034 | ||
This aplies to --remove-interface too and the reason is this commit: https://git.fedorahosted.org/cgit/firewalld.git/commit/?id=cc3101ab70a3997228be7bc9f45a069c7fccfa36 Will it be OK if I explain it in firewall-cmd/firewalld.dbus man pages ? like: If zone is omitted (empty), the interface is removed from zone it belongs to. (In reply to Jiri Popelka from comment #1) > like: > If zone is omitted (empty), the interface is removed from zone it belongs to. Or perhaps remove the [--zone=zone] from man page at all. It'll still be possible for backward compatibility, but will be undocumented, because it's not needed. like: [--permanent] --remove-interface=interface Remove binding of interface interface from zone it was previously added to. Commited as https://git.fedorahosted.org/cgit/firewalld.git/commit/?id=7012a071438f0110573ef7c62ea335200e76feff This sounds reasonable and much less confusing, than it was before. Thank you. But still in D-Bus interface it looks strange because methods are like
> removeInterface(s: zone, s: interface) → s
> removeSource(s: zone, s: source) → s
where first argument doesn't mean anything. But this can't be simply fixed without change in interface.
firewalld-0.3.11-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/firewalld-0.3.11-1.fc20 Package firewalld-0.3.11-1.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing firewalld-0.3.11-1.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-9609/firewalld-0.3.11-1.fc20 then log in and leave karma (feedback). Package firewalld-0.3.11-2.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing firewalld-0.3.11-2.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-9609/firewalld-0.3.11-2.fc20 then log in and leave karma (feedback). Package firewalld-0.3.11-3.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing firewalld-0.3.11-3.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-9609/firewalld-0.3.11-3.fc20 then log in and leave karma (feedback). firewalld-0.3.11-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: According to documentation (both dbus api and man) empty zone parameter should result in selection of DEFAULT zone. But there is a difference when removing sources. Example: > [root@localhost firewalld]# firewall-cmd --get-default-zone > public > [root@localhost firewalld]# firewall-cmd --zone="home" --add-source="192.168.0.1" > success > [root@localhost firewalld]# firewall-cmd --zone="" --remove-source="192.168.0.1" > success > [root@localhost firewalld]# firewall-cmd --zone="home" --add-source="192.168.0.1" > success > [root@localhost firewalld]# firewall-cmd --zone="public" --remove-source="192.168.0.1" > Error: ZONE_CONFLICT According to documentation, both cases should result in same way, but they don't. When I'm removing source with empty zone, it is selected the correct zone which contains this source and not the default zone. It doesn't apply for other methods in zone interface, because they can be added to every zone without restriction, but source is unique and it is handled other ways. Version-Release number of selected component (if applicable): firewalld-0.3.10-4.fc21.noarch How reproducible: deterministic