Bug 2224648 - fix: reload on resetting to defaults [NEEDINFO]
Summary: fix: reload on resetting to defaults
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: rhel-system-roles
Version: 8.9
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 8.9
Assignee: Rich Megginson
QA Contact: David Jež
URL:
Whiteboard: role:firewall
Depends On: 2223764
Blocks:
 
Reported: 2023-07-21 18:51 UTC by Rich Megginson
Modified: 2023-08-13 15:00 UTC

Fixed In Version: rhel-system-roles-1.22.0-0.19.el8
Doc Type: Enhancement
Doc Text:
Enhancement: Make resetting to defaults reload instead of restart firewalld
Reason: Reloading in firewalld should successfully complete the configuration reset, and restarting adds downtime which can be used to open a connection that persists after firewalld has finished restarting; this connection can be used to bypass firewall rules, since firewalld will not block traffic from active connections.
Result: Minimal downtime when using `previous: replaced`
Addresses an issue brought up in #140, where due to the restart on resetting to defaults, the feature may not be suitable for production environments.
Clone Of: 2223764
Environment:
Last Closed:
Type: ---
Target Upstream Version:
Embargoed:
rmeggins: needinfo? (vdanek)




Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-163000 0 None None None 2023-07-21 18:51:44 UTC

Description Rich Megginson 2023-07-21 18:51:16 UTC
+++ This bug was initially created as a clone of Bug #2223764 +++

Enhancement:
Make resetting to defaults reload instead of restart firewalld

Reason:
Reloading in firewalld should successfully complete the configuration reset; restarting adds downtime.

Result:
Minimal downtime when using previous: replaced

Addresses an issue brought up in https://github.com/linux-system-roles/firewall/issues/140, where due to the restart on resetting to defaults, the feature may not be suitable for production environments.
See https://github.com/linux-system-roles/firewall/pull/159

