Blame SOURCES/firewalld-0.4.4.6-Reload-nf_conntrack-sysctls-after-the-module-is-load-rhbz#1462977.patch

From c41e34a5a8fbda2731aa724e65dcc93aa9ab7b64 Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Thu, 3 Aug 2017 15:06:57 -0400
Subject: [PATCH] Reload nf_conntrack sysctls after the module is loaded
Add a modprobe config file that will cause specified sysctls to be
reloaded after a given module is loaded. This is needed because sysctls
will go away and reappear when modules are unloaded which happens on a
firewalld restart. e.g. nf_conntrack_max.
Fixes: RHBZ#1462977
(cherry picked from commit 65434db736fa68a25e1ab417f6c330c03c5eafde)
---
 config/Makefile.am               | 22 ++++++++++++++++++++--
 config/firewalld-sysctls.conf.in |  1 +
 configure.ac                     |  1 +
 firewalld.spec                   |  1 +
 4 files changed, 23 insertions(+), 2 deletions(-)
 create mode 100644 config/firewalld-sysctls.conf.in
diff --git a/config/Makefile.am b/config/Makefile.am
index 1035c9f940a9..a66ae05d8122 100644
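--- a/config/Makefile.am
+++ b/config/Makefile.am
@@ -42,6 +42,7 @@ BUILT_SOURCES = \
 	$(applet_desktop_DATA) \
 	$(polkit1_action_DATA) \
 	$(gsettings_SCHEMAS) \
+	firewalld-sysctls.conf \
 	firewalld.service
 
 @INTLTOOL_DESKTOP_RULE@
@@ -51,7 +52,7 @@ BUILT_SOURCES = \
 
 all: $(desktop_DATA) $(appdata_DATA) $(applet_desktop_DATA) $(polkit1_action_DATA) $(gsettings_SCHEMAS)
 
-CLEANFILES = *~ *\# .\#* firewalld.service
+CLEANFILES = *~ *\# .\#* firewalld.service firewalld-sysctls.conf
 
 DISTCLEANFILES = \
 	$(desktop_DATA) \
@@ -246,6 +247,7 @@ EXTRA_DIST = \
 	$(CONFIG_FILES) \
 	$(dist_xmlschema_DATA) \
 	firewalld.init \
+	firewalld-sysctls.conf.in \
 	firewalld.service.in \
 	firewalld.sysconfig \
 	macros.firewalld
@@ -253,6 +255,9 @@ EXTRA_DIST = \
 INSTALL_TARGETS = install-config
 UNINSTALL_TARGETS = uninstall-config
 
+INSTALL_TARGETS += install-modprobe.d
+UNINSTALL_TARGETS += uninstall-modprobe.d
+
 if USE_SYSTEMD
 INSTALL_TARGETS += install-service
 UNINSTALL_TARGETS += uninstall-service
@@ -275,11 +280,16 @@ edit = sed \
 	-e 's|@bindir[@]|$(bindir)|g' \
 	-e 's|@sbindir[@]|$(sbindir)|g' \
 	-e 's|@sysconfdir[@]|$(sysconfdir)|g' \
-	-e 's|@localstatedir[@]|$(localstatedir)|g'
+	-e 's|@localstatedir[@]|$(localstatedir)|g' \
+	-e 's|@MODPROBE[@]|$(MODPROBE)|g' \
+	-e 's|@SYSCTL[@]|$(SYSCTL)|g'
 
 firewalld.service: firewalld.service.in
 	$(edit) $< >$@
 
+firewalld-sysctls.conf: firewalld-sysctls.conf.in
+	$(edit) $< >$@
+
 install-sysconfig:
 	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/sysconfig
 	$(INSTALL_DATA) $(srcdir)/firewalld.sysconfig $(DESTDIR)$(sysconfdir)/sysconfig/firewalld
@@ -312,6 +322,14 @@ uninstall-service: uninstall-sysconfig
 	rm -f $(DESTDIR)$(SYSTEMD_UNITDIR)/firewalld.service
 	rmdir $(DESTDIR)$(SYSTEMD_UNITDIR) || :
 
+install-modprobe.d:
+	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/modprobe.d
+	$(INSTALL_DATA) firewalld-sysctls.conf $(DESTDIR)$(sysconfdir)/modprobe.d/firewalld-sysctls.conf
+
+uninstall-modprobe.d:
+	rm -f $(DESTDIR)$(sysconfdir)/modprobe.d/firewalld-sysctls.conf
+	rmdir $(DESTDIR)$(sysconfdir)/modprobe.d || :
+
 install-config:
 	$(MKDIR_P) $(DESTDIR)$(sconfdir)
 	$(MKDIR_P) $(DESTDIR)$(sconfdir)/icmptypes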
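Review bot: `install-modprobe.d` copies `firewalld-sysctls.conf` from the build directory but declares no prerequisite on it, so the target only works when BUILT_SOURCES has already been processed; `install-modprobe.d: firewalld-sysctls.conf` would state the dependency and let the target be run on its own. In `uninstall-modprobe.d`, the closing `rmdir $(DESTDIR)$(sysconfdir)/modprobe.d || :` acts on a directory that is shared with other packages rather than created for firewalld; it only succeeds when the directory is empty, but I would drop the line so uninstall never removes a system directory this package does not own. How INSTALL_TARGETS is hooked into the install rules is outside the hunks shown.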
diff --git a/config/firewalld-sysctls.conf.in b/config/firewalld-sysctls.conf.in
new file mode 100644
index 000000000000..976027743e8f
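--- /dev/null
+++ b/config/firewalld-sysctls.conf.in
@@ -0,0 +1 @@
+install nf_conntrack @MODPROBE@ --ignore-install nf_conntrack && @SYSCTL@ --pattern 'net[.]netfilter[.]nf_conntrack.*' --system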
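Review bot: The `install` line takes over the load of nf_conntrack but does not hand `$CMDLINE_OPTS` to the inner modprobe, so module parameters given on the modprobe command line are dropped; modprobe.d(5) substitutes that string with the command-line options, e.g. `@MODPROBE@ --ignore-install nf_conntrack $CMDLINE_OPTS && @SYSCTL@ ...`. Because the two commands are joined with `&&`, the status returned to the caller is that of sysctl, so an error while re-applying settings would presumably be reported as a failed module load even though the module is in; worth confirming that this is intended. The file also has no comment: a leading `#` line saying that this command runs as root on every nf_conntrack load, and that it re-applies only the nf_conntrack keys from the system sysctl configuration, would help an administrator who finds it in /etc/modprobe.d.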
diff --git a/configure.ac b/configure.ac
index e3525703819d..776e627b0fa0 100644
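--- a/configure.ac
+++ b/configure.ac
@@ -33,6 +33,7 @@ AC_PATH_PROG([KILL], [kill], [/usr/bin/kill])
 AC_PATH_PROG([MODINFO], [modinfo], [/sbin/modinfo])
 AC_PATH_PROG([MODPROBE], [modprobe], [/sbin/modprobe])
 AC_PATH_PROG([RMMOD], [rmmod], [/sbin/rmmod])
+AC_PATH_PROG([SYSCTL], [sysctl], [/sbin/sysctl])
 
 GLIB_GSETTINGS
 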
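Review bot: The path resolved by the new `AC_PATH_PROG([SYSCTL], ...)` line is not only a build-time value: this commit substitutes it into the modprobe.d file, where it is run as root each time nf_conntrack is loaded, so the result depends on the PATH of whoever ran configure. Giving the macro an explicit search path as its fourth argument, `AC_PATH_PROG([SYSCTL], [sysctl], [/sbin/sysctl], [/usr/sbin:/sbin:/usr/bin:/bin])`, would keep a build-environment PATH entry out of that command; the same applies to MODPROBE on the context line above, which goes into the same file. The fallback `/sbin/sysctl` is taken silently when nothing is found, so a missing sysctl would only show up at module load time.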
diff --git a/firewalld.spec b/firewalld.spec
index 7f16f38d2932..476f9668d44f 100644
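--- a/firewalld.spec
+++ b/firewalld.spec
@@ -240,6 +240,7 @@ fi
 %{_mandir}/man1/firewallctl*.1*
 %{_mandir}/man1/firewalld*.1*
 %{_mandir}/man5/firewall*.5*
+%{_sysconfdir}/modprobe.d/firewalld-sysctls.conf
 
 %files -n python-firewall
 %attr(0755,root,root) %dir %{python2_sitelib}/firewall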
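Review bot: The new `%{_sysconfdir}/modprobe.d/firewalld-sysctls.conf` entry is listed as a plain file, so rpm will overwrite any local edit on update, and rpmlint usually flags a non-config file under /etc. If administrators are not meant to edit it, `%config %{_sysconfdir}/modprobe.d/firewalld-sysctls.conf` with a short comment above the line states that; otherwise `%config(noreplace)` keeps local changes. The %files section starts outside the hunk, so how other files under /etc are marked there is not visible from here.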
-- 
2.12.0