From 427b0e1ceb92e81ecef9304701ccc6a6f89a3dca Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Thu, 2 May 2019 12:39:22 -0400
Subject: [PATCH 41/73] fix: do not flush entire ruleset in
 CHECK_NAT_COEXISTENCE

It should only delete the table it uses to probe. Flushing the entire
ruleset is really bad.

Fixes: 19d33cde55d4 ("tests/firewall-cmd: check for NAT coexistence")
(cherry picked from commit 1acdf4432d233d4e1ed9215318282e64b0e4404a)
(cherry picked from commit 4912e6c14e180dbe66162348aae7f4ebd6743ee1)
---
 src/tests/functions.at | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tests/functions.at b/src/tests/functions.at
index 729bfc0dfc6a..0dcda6311a75 100644
--- a/src/tests/functions.at
+++ b/src/tests/functions.at
@@ -338,7 +338,7 @@ m4_define([CHECK_NAT_COEXISTENCE], [
             AT_SKIP_IF([! modprobe iptable_nat])
             AT_SKIP_IF([! NS_CMD([nft add table ip foobar])])
             AT_SKIP_IF([! NS_CMD([nft add chain ip foobar foobar_chain { type nat hook postrouting priority 100 \; }])])
-            NS_CHECK([nft flush ruleset])
+            NS_CHECK([nft delete table ip foobar])
         else
             AT_SKIP_IF([true])
         fi
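Review bot: The probe table can still be left behind on the skip path. If the `nft add chain ip foobar foobar_chain ...` probe fails, its `AT_SKIP_IF` presumably ends the test group before the new `NS_CHECK([nft delete table ip foobar])` runs, so `ip foobar` stays in whatever ruleset `NS_CMD` targets (its definition is outside this hunk). Consider removing the table before skipping, for example `NS_CMD([nft add chain ip foobar foobar_chain ...]) || { NS_CMD([nft delete table ip foobar]); AT_SKIP_IF([true]); }`. A short `dnl only remove the probe table, never flush the ruleset` comment above the delete would also record why a flush must not return here. The body of CHECK_NAT_COEXISTENCE starts before the hunk, so confirm how the surrounding `if` scopes these probes.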
-- 
2.20.1