Bug 2026176
| Summary: | FirewallD is Extremely Slow when Importing CIDR Lists under Fedora 35 | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | niohiani <notinsideofhereiamnotinside> | ||||||
| Component: | firewalld | Assignee: | Eric Garver <egarver> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | unspecified | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 36 | CC: | egarver, psutter | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | x86_64 | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | firewalld-1.2.2-1.fc36 | Doc Type: | If docs needed, set a value | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2022-12-15 02:16:31 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
|
Description
niohiani
2021-11-24 01:06:55 UTC
This is still an issue under Fedora 36 and 37. The fix is in the below firewalld releases. How do you feel about rebasing firewalld to v1.2.1 (same as f37 and f38) ? It's a big version bump for an old release. $ git tag --contains 36c170db265265e838a089858be4b20dbbd582eb v1.1.0 v1.1.1 v1.1.2 v1.1.3 v1.2.0 v1.2.1 Obviously not many others have noticed the issue, so thank you for the response. I was unaware of there being a fix, and that's great news. It would of course be awesome to see it backported to f36, as I usually keep my main PC one release behind the latest Fedora for 2 or 3 months while kinks and edge-cases are worked out, and I imagine that some other users take similar approaches to release upgrades. > It would of course be awesome to see it backported to f36
Do you mean a backport of specific patches.. or a rebase to v1.2.1?
The latter is actually less time consuming for your friendly maintainer. ;)
Ah, then of course the latter. I'm but a lone user with a relatively obscure issue, and only maintain one - much less complicated - package myself. I can offer you my heartfelt appreciation for any time you spend on a rebase. (In reply to niohiani from comment #5) > Ah, then of course the latter. I'm but a lone user with a relatively obscure > issue, and only maintain one - much less complicated - package myself. I can > offer you my heartfelt appreciation for any time you spend on a rebase. I'll do the rebase. It may rot in bodhi (testing), but at least you'll have a build for yourself. Many, many thanks, and godspeed! FEDORA-2022-2305f92d83 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-2305f92d83 (In reply to Fedora Update System from comment #8) > FEDORA-2022-2305f92d83 has been submitted as an update to Fedora 36. > https://bodhi.fedoraproject.org/updates/FEDORA-2022-2305f92d83 It should hit testing soon. I set the karma threshold to 5 (up from 3) since it's a rebase in an old release. Stellar! Saves me a lot of time when importing new lists. Mark this as closed whenever you see fit. FEDORA-2022-2305f92d83 has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-2305f92d83` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-2305f92d83 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. Created attachment 1924078 [details]
Latest CIDR list (IPv4) for testing
Alright, so I'm using the new build, and while there are no noticeable regressions, this bug appears to be unresolved. I have attached the latest CIDR list I'm working with, and made sure to clear all of the previous entries before importing the new list under IPSets. It took about 15 minutes for the import to complete. Would love to assist in getting to the bottom of this. Can you show the exact commands you're using? --->8--- # dnf info firewalld Installed Packages Name : firewalld Version : 1.2.1 Release : 1.fc37 [..] # firewall-cmd --permanent --new-ipset foobar hash:net # time firewall-cmd --permanent --ipset foobar --add-entries-from-file=big_set success real 0m0.253s user 0m0.151s sys 0m0.020s [root@vm-local-fedora tmp]# wc -l big_set 10611 big_set Pretty weird. Importing via the GUI (firewall-config) is still extremely slow, but doing so via the command line appears to have been fixed, and only takes seconds. Didn't think to try adding via firewall-cmd since I filed this bug, as I usually only use firewall-cmd for backing up previous IPSet entries, and tend toward the GUI for other operations. Will be avoiding firewall-config for now. FEDORA-2022-2305f92d83 has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-2305f92d83` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-2305f92d83 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2022-6499e05ba6 has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-6499e05ba6` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-6499e05ba6 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2022-6499e05ba6 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report. |