From 040621b36e72f63482cce6c4e4daefd8b982387c Mon Sep 17 00:00:00 2001
From: Vrinda Punj <vpunj@redhat.com>
Date: Tue, 23 Jun 2020 20:01:17 -0400
Subject: [PATCH 35/45] fix(cli): add --zone is an invalid option with --direct

Fixes: rhbz 1483921
(cherry picked from commit 303f85fc35d230f6e1980996020011dd8c0c2041)
(cherry picked from commit e946d8c8f4717d269b9ca785cf124d83de7b723e)
---
 src/firewall-cmd.in                 | 3 +++
 src/tests/regression/regression.at  | 1 +
 src/tests/regression/rhbz1483921.at | 8 ++++++++
 3 files changed, 12 insertions(+)
 create mode 100644 src/tests/regression/rhbz1483921.at

diff --git a/src/firewall-cmd.in b/src/firewall-cmd.in
index 317da5eab6e4..014f3884d64b 100755
--- a/src/firewall-cmd.in
+++ b/src/firewall-cmd.in
@@ -962,6 +962,9 @@ if (a.direct and not options_direct) or (options_direct and not a.direct):
     cmd.fail(parser.format_usage() +
              "Wrong usage of 'direct' options.")
 
+if a.zone and a.direct:
+    cmd.fail(parser.format_usage() + "--zone is an invalid option with --direct")
+
 if a.name and not (a.new_zone_from_file or a.new_service_from_file or \
                    a.new_ipset_from_file or a.new_icmptype_from_file or \
                    a.new_helper_from_file):
diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at
index 1c8f76afa87a..5241a11a830d 100644
--- a/src/tests/regression/regression.at
+++ b/src/tests/regression/regression.at
@@ -31,3 +31,4 @@ m4_include([regression/gh599.at])
 m4_include([regression/rhbz1829104.at])
 m4_include([regression/rhbz1843398.at])
 m4_include([regression/rhbz1689429.at])
+m4_include([regression/rhbz1483921.at])
diff --git a/src/tests/regression/rhbz1483921.at b/src/tests/regression/rhbz1483921.at
new file mode 100644
index 000000000000..d3dd60bc8faf
--- /dev/null
+++ b/src/tests/regression/rhbz1483921.at
@@ -0,0 +1,8 @@
+FWD_START_TEST([direct zone])
+    AT_KEYWORDS(direct rhbz1483921)
+
+    FWD_CHECK([firewall-cmd --zone=public --permanent --direct --add-rule ipv4 nat OUTPUT 1 -p tcp --dport 8443 -j DNAT --to-port 9443], 2, ignore,ignore)
+    
+    FWD_CHECK([firewall-cmd --zone=public --direct --add-rule ipv4 nat OUTPUT 1 -p tcp --dport 8443 -j DNAT --to-port 9443], 2, ignore,ignore)
+FWD_END_TEST
+
-- 
2.27.0