From f9e0fdd188e7730468bebdf35f573f2a1ef6bd9b Mon Sep 17 00:00:00 2001

From: Eric Garver <eric@garver.life>

Date: Tue, 2 Aug 2022 13:11:31 -0400

Subject: [PATCH 4/5] fix(runtimeToPermanent): errors for interfaces not in

 zone

We should only consider the interfaces for the currently iterated over

zone. Otherwise we will attempt to remove an interface from a zone for

which it is does not belong.

Note this only occurs when NetworkManager is running.

Fixes: #976

Fixes: rhbz2112982

(cherry picked from commit 15f47354c4a078dc694df1541550b3e5156548fc)

---

 src/firewall/server/firewalld.py | 9 +++++----

 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/firewall/server/firewalld.py b/src/firewall/server/firewalld.py

index 5cf963dfbbd4..f5f902d6e712 100644

--- a/src/firewall/server/firewalld.py

+++ b/src/firewall/server/firewalld.py

@@ -447,10 +447,11 @@ class FirewallD(DbusServiceObject):

             conf = self.getZoneSettings2(name)

             settings = FirewallClientZoneSettings(conf)

             changed = False

-            for interface in self.fw._nm_assigned_interfaces:

-                log.debug1("Zone '%s': interface binding for '%s' has been added by NM, ignoring." % (name, interface))

-                settings.removeInterface(interface)

-                changed = True

+            for interface in settings.getInterfaces():

+                if interface in self.fw._nm_assigned_interfaces:

+                    log.debug1("Zone '%s': interface binding for '%s' has been added by NM, ignoring." % (name, interface))

+                    settings.removeInterface(interface)

+                    changed = True

             # For the remaining interfaces, attempt to let NM manage them

             for interface in settings.getInterfaces():

                 try:

-- 

2.31.1