rpms / firewalld

Clone
Source Code
GIT

Blame SOURCES/0041-fix-do-not-flush-entire-ruleset-in-CHECK_NAT_COEXIST.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   c8bceb8bf3db2fe79739fc14eb36252dbd2fa1e2
  2.   SOURCES
  3.   0041-fix-do-not-flush-entire-ruleset-in-CHECK_NAT_COEXIST.patch
Blob History Raw
c8bceb 
From 427b0e1ceb92e81ecef9304701ccc6a6f89a3dca Mon Sep 17 00:00:00 2001
c8bceb 
From: Eric Garver <eric@garver.life>
c8bceb 
Date: Thu, 2 May 2019 12:39:22 -0400
c8bceb 
Subject: [PATCH 41/73] fix: do not flush entire ruleset in
c8bceb 
 CHECK_NAT_COEXISTENCE
c8bceb
c8bceb 
It should only delete the table it uses to probe. Flushing the entire
c8bceb 
ruleset is really bad.
c8bceb
c8bceb 
Fixes: 19d33cde55d4 ("tests/firewall-cmd: check for NAT coexistence")
c8bceb 
(cherry picked from commit 1acdf4432d233d4e1ed9215318282e64b0e4404a)
c8bceb 
(cherry picked from commit 4912e6c14e180dbe66162348aae7f4ebd6743ee1)
c8bceb 
---
c8bceb 
 src/tests/functions.at | 2 +-
c8bceb 
 1 file changed, 1 insertion(+), 1 deletion(-)
c8bceb
c8bceb 
diff --git a/src/tests/functions.at b/src/tests/functions.at
c8bceb 
index 729bfc0dfc6a..0dcda6311a75 100644
c8bceb 
--- a/src/tests/functions.at
c8bceb 
+++ b/src/tests/functions.at
c8bceb 
@@ -338,7 +338,7 @@ m4_define([CHECK_NAT_COEXISTENCE], [
c8bceb 
             AT_SKIP_IF([! modprobe iptable_nat])
c8bceb 
             AT_SKIP_IF([! NS_CMD([nft add table ip foobar])])
c8bceb 
             AT_SKIP_IF([! NS_CMD([nft add chain ip foobar foobar_chain { type nat hook postrouting priority 100 \; }])])
c8bceb 
-            NS_CHECK([nft flush ruleset])
c8bceb 
+            NS_CHECK([nft delete table ip foobar])
c8bceb 
         else
c8bceb 
             AT_SKIP_IF([true])
c8bceb 
         fi
c8bceb 
--
c8bceb 
2.20.1
c8bceb

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation