| Summary: | firewall throw error: "'Rich_Destination' is not iterable" when services and destination address is provided rich rule. | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Akhil John <ajohn> | |
| Component: | firewalld | Assignee: | Eric Garver <egarver> | |
| Status: | CLOSED ERRATA | QA Contact: | Jiri Peska <jpeska> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 8.0 | CC: | jpeska, leonid.fainshtein, pasik, pasteur, ptalbert, todoleza | |
| Target Milestone: | rc | |||
| Target Release: | 8.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | firewalld-0.7.0-1.el8 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1729097 (view as bug list) | Environment: | ||
| Last Closed: | 2019-11-05 22:31:34 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Bug Depends On: | ||||
| Bug Blocks: | 1729097 | |||
Fixed upstream:
3fb02f8d6648 ("test: coverage for rhbz 1715977")
d3bd517c7deb ("fix: rich rule destination with services")
Any plans to backport the fix to REL7/CentOS7? (In reply to leonid.fainshtein from comment #5) > Any plans to backport the fix to REL7/CentOS7? It will be fixed in the next RHEL-7 minor release (RHEL 7.8). When v.7.8 is expected? Actually, the fixed bug in firewalld is pretty serious... (In reply to leonid.fainshtein from comment #7) > When v.7.8 is expected? Actually, the fixed bug in firewalld is pretty > serious... See bug 1729097. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2019:3635 |
Description of problem: firewalld complete reload throw an error: "'Rich_Destination' is not iterable" when services and destination address is provided rich rule. Version-Release number of selected component (if applicable): firewalld-0.6.3-7.el8.noarch How reproducible: Always Steps to Reproduce: 1) Create a rich rule in zone with destination and service provided: # cat /etc/firewalld/zones/public.xml <?xml version="1.0" encoding="utf-8"?> <zone> <short>Public</short> <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description> <service name="ssh"/> <service name="dhcpv6-client"/> <service name="cockpit"/> <rule family="ipv4"> <source address="192.168.122.170/32"/> <destination address="192.168.122.235/32"/> <service name="ssh"/> <accept/> </rule> </zone> 2) Now perform complete reload. Actual results: [root@rhel8 ~]# firewall-cmd --complete-reload Error: argument of type 'Rich_Destination' is not iterable Expected results: [root@rhel8 ~]# firewall-cmd --complete-reload success Additional info: Bugzilla which could be related: https://bugzilla.redhat.com/show_bug.cgi?id=1644432