Bug 2223764

Summary: fix: reload on resetting to defaults
Product: Red Hat Enterprise Linux 9
Reporter: Rich Megginson <rmeggins>
Component: rhel-system-roles
Assignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA
QA Contact: Jakub Haruda <jharuda>
Severity: unspecified
Docs Contact: Gabi Fialová <gfialova>
Priority: unspecified
Version: 9.3
CC: djez, gfialova, jharuda, spetrosi, vdanek
Target Milestone: rc
Keywords: Triaged
Target Release: 9.3
Hardware: Unspecified
OS: Unspecified
Whiteboard: role:firewall
Fixed In Version: rhel-system-roles-1.22.0-2.el9
Doc Type: Enhancement
Doc Text:
.Resetting the `firewall` RHEL System Role configuration now requires minimal downtime

Previously, when you reset the `firewall` role configuration by using the `previous: replaced` variable, the `firewalld` service restarted. Restarting adds downtime and prolongs the period of an open connection in which `firewalld` does not block traffic from active connections. With this enhancement, the `firewalld` service completes the configuration reset by reloading instead of restarting. Reloading minimizes the downtime and reduces the opportunity to bypass firewall rules. As a result, using the `previous: replaced` variable to reset the `firewall` role configuration now requires minimal downtime.
Clone Of:
: 2224648
Last Closed: 2023-11-07 08:29:49 UTC
Bug Blocks: 2224648    

Description Rich Megginson 2023-07-18 19:36:11 UTC
Enhancement:
Make resetting to defaults reload instead of restart firewalld

Reason:
Reloading in firewalld should successfully complete the configuration reset; restarting adds downtime

Result:
Minimal downtime when using previous: replaced

Addresses an issue brought up in https://github.com/linux-system-roles/firewall/issues/140, where due to the restart on resetting to defaults, the feature may not be suitable for production environments.
See https://github.com/linux-system-roles/firewall/pull/159
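
A way to confirm on a managed host that the reset described above is applied by reload rather than restart. This is an added example, not part of the bug report or the role's own code. It relies on a reload leaving the `firewalld` process in place, so the main PID is unchanged. The host group `firewall_hosts` and the role name `rhel-system-roles.firewall` are assumptions, and `firewalld` is assumed to be running before the play starts.

```yaml
---
# Added example: the inventory group and role name are assumptions, adjust to your install.
- name: Reset firewall role configuration and confirm firewalld was not restarted
  hosts: firewall_hosts
  become: true
  tasks:
    - name: Record firewalld main PID before the reset
      ansible.builtin.command: systemctl show --property=MainPID --value firewalld
      register: pid_before
      changed_when: false

    - name: Reset to defaults, then re-apply the intended rules
      ansible.builtin.include_role:
        name: rhel-system-roles.firewall
      vars:
        firewall:
          # Wipes existing firewall configuration before the entries below are applied
          - previous: replaced
          - service: ssh
            state: enabled

    - name: Record firewalld main PID after the reset
      ansible.builtin.command: systemctl show --property=MainPID --value firewalld
      register: pid_after
      changed_when: false

    - name: Fail if the daemon was restarted or was not running
      ansible.builtin.assert:
        that:
          # MainPID is 0 when the unit has no running main process
          - pid_before.stdout | int > 0
          # A restart spawns a new process; a reload keeps the same one
          - pid_after.stdout == pid_before.stdout
        fail_msg: >-
          firewalld PID changed ({{ pid_before.stdout }} -> {{ pid_after.stdout }});
          the service was restarted rather than reloaded.
        success_msg: firewalld kept PID {{ pid_after.stdout }}; the reset was applied by reload.
```

On a role version older than the one named in Fixed In Version, the final assertion is expected to fail because the reset restarts the service.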

Comment 9 errata-xmlrpc 2023-11-07 08:29:49 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:6390

Comment 10 Red Hat Bugzilla 2024-03-07 04:26:01 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days