Bug 1325335 – [RFE] allow negation of icmp-blocks zone configuration field

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1325335 - [RFE] allow negation of icmp-blocks zone configuration field

Summary:	[RFE] allow negation of icmp-blocks zone configuration field

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	firewalld (Show other bugs)
Sub Component:
Version:	7.2
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	rc
Target Release:	---
Assigned To:	Thomas Woerner
QA Contact:	Tomas Dolezal
Docs Contact:

URL:
Whiteboard:
Keywords:	FutureFeature, RFE

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2016-04-08 09:10 EDT by Tomas Dolezal
Modified:	2016-11-03 17:02 EDT (History)
CC List:	1 user (show)

See Also:
Fixed In Version:	firewalld-0.4.2-1.el7
Doc Type:	Enhancement
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2016-11-03 17:02:45 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:2597	normal	SHIPPED_LIVE	Moderate: firewalld security, bug fix, and enhancement update	2016-11-03 08:11:47 EDT

Groups: None (edit)

Description Tomas Dolezal 2016-04-08 09:10:52 EDT

Description of problem:
based on discussion from
bug 1136801 comment 11 and
bug 1136801 comment 15

There came an idea to have possibility to include the only icmp types in icmp-blocks field instead of excluding them.

To have it as follows:
* 'icmp-blocks' becomes 'icmp-filter' - it should be backwards compatible with (possibly hidden) 'icmp-blocks' setting
* default behaviour stays the same
* rough description: the whole field can be negated (could use a '!'); from --list-all or --zone-info it's apparent what behaviour is currently set.
* behaviour is not dependent on 'default-target' of a zone (would be anti-UX) (this was in original idea)

Version-Release number of selected component (if applicable):
firewalld-0.3.9-14.el7

Additional info:
In el7 icmp-blocks are added one at a time, this might pose a problem with field's functional inversion

Comment 3 Thomas Woerner 2016-05-25 11:41:46 EDT

Fixed upstream:

https://github.com/t-woerner/firewalld/commit/c6a8b4c03f3b96c48dc06cf7cbb71297d03b6c58
https://github.com/t-woerner/firewalld/commit/e1bb04f488500ccaadb49249dc6b22d6daeb342a
https://github.com/t-woerner/firewalld/commit/fa589ebe36c24b515994f9cd5bd10285b9321c18
https://github.com/t-woerner/firewalld/commit/9ffa79f00b2964aff87b7a30fc261f0330c06f89
https://github.com/t-woerner/firewalld/commit/2f3cc927360842299640081a0b501e55259901d3
https://github.com/t-woerner/firewalld/commit/50431459987f26e8ea666320fcd433f3a6fa9457
https://github.com/t-woerner/firewalld/commit/26e23b8cd945720cfb2ff37e47b12435747a051b

Comment 8 errata-xmlrpc 2016-11-03 17:02:45 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2597.html

Note You need to log in before you can comment on or make changes to this bug.