Description of problem: currently, if one deletes service using firewall-cmd, service.xml.old file don't get updated with latest service.xml contents. please update all --delete calls to this behaviour (zone, ipset, icmptype,service) Version-Release number of selected component (if applicable): v0.4.1.2-90-g5da1724 How reproducible: always Steps to Reproduce: firewall-cmd --new-service=myserv --permanent firewall-cmd --add-port 2185/udp firewall-cmd --service myserv --add-source-port 2187/udp --permanent firewall-cmd --delete-service myserv --permanent Actual results: myserv.xml with sport 2187 gets deleted myserv.xml.old without sport 2187 but with 2185 port exists Expected results: myserv.xml.old contains contents of myserv.xml from before service deletion Additional info: having .old service file containing even older data is misleading
fix in reproducer on 2nd line: firewall-cmd --new-service=myserv --permanent firewall-cmd --service myserv --add-port 2185/udp firewall-cmd --service myserv --add-source-port 2187/udp --permanent firewall-cmd --delete-service myserv --permanent
This also applies to zones, icmptypes and ipsets.
Fixed upstream: https://github.com/t-woerner/firewalld/commit/a83c5204d536780f14936e87b1b3197383942a9d
Fixed in firewalld-0.4.3 in F23 and up