Bug 1713823

Summary: Forward port for external zone is reachable from internal zone and gets all port-related traffic
Product: Red Hat Enterprise Linux 7 Reporter: Eugene Kanter <ekanter>
Component: firewalldAssignee: Eric Garver <egarver>
Status: CLOSED ERRATA QA Contact: Tomas Dolezal <todoleza>
Severity: medium Docs Contact: Sujata Kurup <skurup>
Priority: medium    
Version: 7.8CC: ajohn, bluthund23+redhat, egarver, jmaxwell, lmanasko, pasik, rkhan, sbrivio, todoleza
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: firewalld-0.6.3-3.el7 Doc Type: Bug Fix
Doc Text:
.Packets no longer drift to other zones and cause unexpected behavior Previously, when setting up rules in one zone, the `firewalld` daemon allowed the packets to be affected by multiple zones. This behavior violated the `firewalld` zone concept, in which packets may only be part of a single zone. This update fixes the bug and `firewalld` now prevents packets from being affected by multiple zones. Warning: This change may affect the availability of some service if the user was knowingly or unknowingly relying on the zone drifting behavior.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-31 20:00:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1723958    

Description Eugene Kanter 2019-05-25 00:35:06 UTC 
Description of problem:

https://github.com/firewalld/firewalld/issues/258

Version-Release number of selected component (if applicable):

firewalld-0.5.3-5
Comment 2 Eric Garver 2019-05-31 14:27:20 UTC 
Fixed upstream:

  0c49548a4954 ("test: add coverage for #258 and #441")
  70993581d79b ("fix: do not allow zone drifting")
Comment 3 Eric Garver 2019-05-31 14:29:49 UTC 
Also upstream:

  Fixes: 3903776a4f77 ("fix: test/regression/gh258: add missing keyword for rhbz 1713823")
Comment 21 errata-xmlrpc 2020-03-31 20:00:54 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1109