diff --git a/SOURCES/0032-fix-avoid-calling-backends-that-aren-t-available.patch b/SOURCES/0032-fix-avoid-calling-backends-that-aren-t-available.patch
new file mode 100644
index 0000000..a67f970
--- /dev/null
+++ b/SOURCES/0032-fix-avoid-calling-backends-that-aren-t-available.patch
@@ -0,0 +1,127 @@
+From fcff9a0adbc8042544372e1af5d84b48e6d52c93 Mon Sep 17 00:00:00 2001
+From: Eric Garver <eric@garver.life>
+Date: Mon, 13 May 2019 09:40:31 -0400
+Subject: [PATCH 32/37] fix: avoid calling backends that aren't available
+
+We should operate just fine if some backend aren't available, e.g.
+ip6tables. This fixes some areas that broke that.
+
+Fixes: #491
+(cherry picked from commit 3fdffa76be42ce88bff35ce2b84c2beda3c016a1)
+(cherry picked from commit 86d003dcdbd2eb20ac32858f7cfa3074169d5b5e)
+---
+ src/firewall/core/fw.py | 54 ++++++++++++++++++------------------
+ src/firewall/core/fw_zone.py | 4 ++-
+ 2 files changed, 30 insertions(+), 28 deletions(-)
+
+diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
+index abb25f0c3e72..998de99e9532 100644
+--- a/src/firewall/core/fw.py
++++ b/src/firewall/core/fw.py
+@@ -703,24 +703,24 @@ class Firewall(object):
+ def get_backend_by_ipv(self, ipv):
+ if self.nftables_enabled:
+ return self.nftables_backend
+- if ipv == "ipv4":
++ if ipv == "ipv4" and self.ip4tables_enabled:
+ return self.ip4tables_backend
+- elif ipv == "ipv6":
++ elif ipv == "ipv6" and self.ip6tables_enabled:
+ return self.ip6tables_backend
+- elif ipv == "eb":
++ elif ipv == "eb" and self.ebtables_enabled:
+ return self.ebtables_backend
+ raise FirewallError(errors.INVALID_IPV,
+- "'%s' is not a valid backend" % ipv)
++ "'%s' is not a valid backend or is unavailable" % ipv)
+
+ def get_direct_backend_by_ipv(self, ipv):
+- if ipv == "ipv4":
++ if ipv == "ipv4" and self.ip4tables_enabled:
+ return self.ip4tables_backend
+- elif ipv == "ipv6":
++ elif ipv == "ipv6" and self.ip6tables_enabled:
+ return self.ip6tables_backend
+- elif ipv == "eb":
++ elif ipv == "eb" and self.ebtables_enabled:
+ return self.ebtables_backend
+ raise FirewallError(errors.INVALID_IPV,
+- "'%s' is not a valid backend" % ipv)
++ "'%s' is not a valid backend or is unavailable" % ipv)
+
+ def is_backend_enabled(self, name):
+ if name == "ip4tables":
+@@ -791,29 +791,29 @@ class Firewall(object):
+ rules = backend.build_default_rules(self._log_denied)
+ transaction.add_rules(backend, rules)
+
+- ipv6_backend = self.get_backend_by_ipv("ipv6")
+- if self.ipv6_rpfilter_enabled and \
+- "raw" in ipv6_backend.get_available_tables():
++ if self.is_ipv_enabled("ipv6"):
++ ipv6_backend = self.get_backend_by_ipv("ipv6")
++ if self.ipv6_rpfilter_enabled and \
++ "raw" in ipv6_backend.get_available_tables():
+
+- # Execute existing transaction
+- transaction.execute(True)
+- # Start new transaction
+- transaction.clear()
++ # Execute existing transaction
++ transaction.execute(True)
++ # Start new transaction
++ transaction.clear()
+
+- rules = ipv6_backend.build_rpfilter_rules(self._log_denied)
+- transaction.add_rules(ipv6_backend, rules)
++ rules = ipv6_backend.build_rpfilter_rules(self._log_denied)
++ transaction.add_rules(ipv6_backend, rules)
+
+- # Execute ipv6_rpfilter transaction, it might fail
+- try:
+- transaction.execute(True)
+- except FirewallError as msg:
+- log.warning("Applying rules for ipv6_rpfilter failed: %s", msg)
+- # Start new transaction
+- transaction.clear()
++ # Execute ipv6_rpfilter transaction, it might fail
++ try:
++ transaction.execute(True)
++ except FirewallError as msg:
++ log.warning("Applying rules for ipv6_rpfilter failed: %s", msg)
++ # Start new transaction
++ transaction.clear()
+
+- else:
+- if use_transaction is None:
+- transaction.execute(True)
++ if use_transaction is None:
++ transaction.execute(True)
+
+ # flush and policy
+
+diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
+index d5eafb863439..31d7d6a168a8 100644
+--- a/src/firewall/core/fw_zone.py
++++ b/src/firewall/core/fw_zone.py
+@@ -1554,7 +1554,7 @@ class FirewallZone(object):
+ if rule.family is not None:
+ ipvs = [ rule.family ]
+ else:
+- ipvs = [ "ipv4", "ipv6" ]
++ ipvs = [ipv for ipv in ["ipv4", "ipv6"] if self._fw.is_ipv_enabled(ipv)]
+
+ source_ipv = self._rule_source_ipv(rule.source)
+ if source_ipv is not None and source_ipv != "":
+@@ -1804,6 +1804,8 @@ class FirewallZone(object):
+ #
+ backends_ipv = []
+ for ipv in ["ipv4", "ipv6"]:
++ if not self._fw.is_ipv_enabled(ipv):
++ continue
+ backend = self._fw.get_backend_by_ipv(ipv)
+ if len(svc.destination) > 0:
+ if ipv in svc.destination:
+--
+2.20.1
+
diff --git a/SOURCES/0033-test-pass-IPTABLES-make-variables-down-to-autotest.patch b/SOURCES/0033-test-pass-IPTABLES-make-variables-down-to-autotest.patch
new file mode 100644
index 0000000..0172150
--- /dev/null
+++ b/SOURCES/0033-test-pass-IPTABLES-make-variables-down-to-autotest.patch
@@ -0,0 +1,90 @@
+From 71e90d92c71d48f130e803f9b4de5224f774d84c Mon Sep 17 00:00:00 2001
+From: Eric Garver <eric@garver.life>
+Date: Tue, 14 May 2019 08:58:37 -0400
+Subject: [PATCH 33/37] test: pass IPTABLES make variables down to autotest
+
+(cherry picked from commit 8533c488a30de680769d61a08bc5f404716b04ee)
+(cherry picked from commit 9de0a22a6046a162389617fd775a8c4a79ea6afa)
+---
+ src/tests/Makefile.am | 7 ++++++-
+ src/tests/functions.at | 4 ++--
+ src/tests/regression/icmp_block_in_forward_chain.at | 4 ++--
+ src/tests/regression/rhbz1514043.at | 2 +-
+ 4 files changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
+index a30ce4d5d607..2a5645ba81d8 100644
+--- a/src/tests/Makefile.am
++++ b/src/tests/Makefile.am
+@@ -15,7 +15,11 @@ $(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec
+ echo 'm4_define([AT_PACKAGE_VERSION],[$(PACKAGE_VERSION)])' && \
+ echo 'm4_define([AT_PACKAGE_STRING],[$(PACKAGE_STRING)])' && \
+ echo 'm4_define([AT_PACKAGE_URL],[http://firewalld.org/])' && \
+- echo 'm4_define([AT_PACKAGE_BUGREPORT],[https://github.com/firewalld/firewalld])'; \
++ echo 'm4_define([AT_PACKAGE_BUGREPORT],[https://github.com/firewalld/firewalld])' && \
++ echo 'm4_define([IPTABLES],[$(IPTABLES)])' && \
++ echo 'm4_define([IPTABLES_RESTORE],[$(IPTABLES_RESTORE)])' && \
++ echo 'm4_define([IP6TABLES],[$(IP6TABLES)])' && \
++ echo 'm4_define([IP6TABLES_RESTORE],[$(IP6TABLES_RESTORE)])' ; \
+ } > "$@"
+
+ check-local: atconfig $(TESTSUITE)
+@@ -31,6 +35,7 @@ installcheck-local: atconfig $(TESTSUITE)
+
+ clean-local:
+ test ! -f '$(TESTSUITE)' || $(SHELL) '$(TESTSUITE)' --clean
++ -rm $(srcdir)/package.m4
+
+ AUTOM4TE = $(SHELL) $(top_srcdir)/missing --run autom4te
+ AUTOTEST = $(AUTOM4TE) --language=autotest
+diff --git a/src/tests/functions.at b/src/tests/functions.at
+index cf72e8f69ec4..70d5ec66590d 100644
+--- a/src/tests/functions.at
++++ b/src/tests/functions.at
+@@ -232,13 +232,13 @@ m4_define([EBTABLES_LIST_RULES], [
+
+ m4_define([IPTABLES_LIST_RULES], [
+ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
+- NS_CHECK([iptables -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7])
++ NS_CHECK([IPTABLES -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7])
+ ])
+ ])
+
+ m4_define([IP6TABLES_LIST_RULES], [
+ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
+- NS_CHECK([ip6tables -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7])
++ NS_CHECK([IP6TABLES -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7])
+ ])
+ ])
+
+diff --git a/src/tests/regression/icmp_block_in_forward_chain.at b/src/tests/regression/icmp_block_in_forward_chain.at
+index 77f3f274bc5a..3c8766a2b23b 100644
+--- a/src/tests/regression/icmp_block_in_forward_chain.at
++++ b/src/tests/regression/icmp_block_in_forward_chain.at
+@@ -2,8 +2,8 @@ FWD_START_TEST([ICMP block present FORWARD chain])
+
+ FWD_CHECK([-q --zone=public --add-icmp-block=host-prohibited])
+ m4_if(iptables, FIREWALL_BACKEND, [
+- NS_CHECK([iptables -L IN_public_deny | grep "host-prohibited"], 0, ignore)
+- NS_CHECK([iptables -L FWDI_public_deny | grep "host-prohibited"], 0, ignore)
++ NS_CHECK([IPTABLES -L IN_public_deny | grep "host-prohibited"], 0, ignore)
++ NS_CHECK([IPTABLES -L FWDI_public_deny | grep "host-prohibited"], 0, ignore)
+ ], [
+ NS_CHECK([nft list chain inet firewalld filter_IN_public_deny | grep "destination-unreachable" |grep "\(code 10\|host-prohibited\)"], 0, ignore)
+ NS_CHECK([nft list chain inet firewalld filter_FWDI_public_deny | grep "destination-unreachable" |grep "\(code 10\|host-prohibited\)"], 0, ignore)
+diff --git a/src/tests/regression/rhbz1514043.at b/src/tests/regression/rhbz1514043.at
+index a7368dbd9eeb..a9750a584898 100644
+--- a/src/tests/regression/rhbz1514043.at
++++ b/src/tests/regression/rhbz1514043.at
+@@ -7,7 +7,7 @@ services: dhcpv6-client samba ssh
+ ])
+ dnl check that log denied actually took effect
+ m4_if(iptables, FIREWALL_BACKEND, [
+- NS_CHECK([iptables -t filter -L | grep "FINAL_REJECT:"], 0, ignore)
++ NS_CHECK([IPTABLES -t filter -L | grep "FINAL_REJECT:"], 0, ignore)
+ ], [
+ NS_CHECK([nft list chain inet firewalld filter_INPUT | grep "FINAL_REJECT"], 0, ignore)
+ NS_CHECK([nft list chain inet firewalld filter_FORWARD | grep "FINAL_REJECT"], 0, ignore)
+--
+2.20.1
+
diff --git a/SOURCES/0034-test-add-macro-HOST_SUPPORTS_IP6TABLES.patch b/SOURCES/0034-test-add-macro-HOST_SUPPORTS_IP6TABLES.patch
new file mode 100644
index 0000000..6990256
--- /dev/null
+++ b/SOURCES/0034-test-add-macro-HOST_SUPPORTS_IP6TABLES.patch
@@ -0,0 +1,41 @@
+From a565735cdf292e06d9530accee226beed0069368 Mon Sep 17 00:00:00 2001
+From: Eric Garver <eric@garver.life>
+Date: Mon, 13 May 2019 13:52:56 -0400
+Subject: [PATCH 34/37] test: add macro HOST_SUPPORTS_IP6TABLES
+
+(cherry picked from commit 4d5c3f190dc309ab03543dc7a65e45ee52858bd9)
+(cherry picked from commit ada120045f6a1d387edf02772e889717da68050b)
+---
+ src/tests/functions.at | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/tests/functions.at b/src/tests/functions.at
+index 70d5ec66590d..da90f9ce549b 100644
+--- a/src/tests/functions.at
++++ b/src/tests/functions.at
+@@ -238,8 +238,10 @@ m4_define([IPTABLES_LIST_RULES], [
+
+ m4_define([IP6TABLES_LIST_RULES], [
+ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
++ m4_if(yes, HOST_SUPPORTS_IP6TABLES, [
+ NS_CHECK([IP6TABLES -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7])
+ ])
++ ])
+ ])
+
+ m4_define([NFT_LIST_RULES], [
+@@ -355,3 +357,11 @@ m4_ifnblank(
+ [m4_define([HOST_SUPPORTS_NFT_FIB], [yes])],
+ [m4_define([HOST_SUPPORTS_NFT_FIB], [no])]
+ )
++
++m4_define([HOST_SUPPORTS_IP6TABLES], [m4_esyscmd(
++ if IP6TABLES -L >/dev/null 2>&1; then
++ echo -n "yes"
++ else
++ echo -n "no"
++ fi
++)])
+--
+2.20.1
+
diff --git a/SOURCES/0035-test-add-macro-IF_IPV6_SUPPORTED.patch b/SOURCES/0035-test-add-macro-IF_IPV6_SUPPORTED.patch
new file mode 100644
index 0000000..10b4a03
--- /dev/null
+++ b/SOURCES/0035-test-add-macro-IF_IPV6_SUPPORTED.patch
@@ -0,0 +1,29 @@
+From 92fbe922bb4435a0cb48f8042e3ff33e8e1d0eaf Mon Sep 17 00:00:00 2001
+From: Eric Garver <eric@garver.life>
+Date: Tue, 14 May 2019 18:30:12 -0400
+Subject: [PATCH 35/37] test: add macro IF_IPV6_SUPPORTED
+
+(cherry picked from commit d569d7239f23f443ac4c5dce843481223481ec96)
+(cherry picked from commit 781fe1a49ab1d3fea3540742c38fe6633e65d700)
+---
+ src/tests/functions.at | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/tests/functions.at b/src/tests/functions.at
+index da90f9ce549b..106c71ff9920 100644
+--- a/src/tests/functions.at
++++ b/src/tests/functions.at
+@@ -365,3 +365,10 @@ m4_define([HOST_SUPPORTS_IP6TABLES], [m4_esyscmd(
+ echo -n "no"
+ fi
+ )])
++
++m4_define([IF_IPV6_SUPPORTED], [
++ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [$1], [
++ m4_if(nftables, FIREWALL_BACKEND, [$1], [
++ m4_if(yes, HOST_SUPPORTS_IP6TABLES, [$1], [$2])
++ ])])
++])
+--
+2.20.1
+
diff --git a/SOURCES/0036-fix-tests-functions-ignore-warnings-about-missing-ip.patch b/SOURCES/0036-fix-tests-functions-ignore-warnings-about-missing-ip.patch
new file mode 100644
index 0000000..d9053b3
--- /dev/null
+++ b/SOURCES/0036-fix-tests-functions-ignore-warnings-about-missing-ip.patch
@@ -0,0 +1,32 @@
+From 77819612c5f96a899823063fb9a612eab7cf14cb Mon Sep 17 00:00:00 2001
+From: Eric Garver <eric@garver.life>
+Date: Mon, 13 May 2019 10:27:07 -0400
+Subject: [PATCH 36/37] fix: tests/functions: ignore warnings about missing
+ ip6tables
+
+We allow running firewalld without ip6tables, as such it's not an error
+for it to be missing during testsuite execution.
+
+(cherry picked from commit 3ac719c1908d4d86d344ebc7b1e105545471046a)
+(cherry picked from commit 1e7e05ba07c78f6c21de818d1ab2f18d3c31534e)
+---
+ src/tests/functions.at | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/tests/functions.at b/src/tests/functions.at
+index 106c71ff9920..4c74c249f32e 100644
+--- a/src/tests/functions.at
++++ b/src/tests/functions.at
+@@ -132,6 +132,9 @@ m4_define([FWD_START_TEST], [
+
+ m4_define([FWD_END_TEST], [
+ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
++ IF_IPV6_SUPPORTED([], [
++ sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log
++ ])
+ if test x"$1" != x"ignore"; then
+ if test -n "$1"; then
+ sed -i $1 ./firewalld.log
+--
+2.20.1
+
diff --git a/SOURCES/0037-fix-tests-guard-occurrences-of-IPv6.patch b/SOURCES/0037-fix-tests-guard-occurrences-of-IPv6.patch
new file mode 100644
index 0000000..a40bd34
--- /dev/null
+++ b/SOURCES/0037-fix-tests-guard-occurrences-of-IPv6.patch
@@ -0,0 +1,242 @@
+From 2b76468d515858e27a1c50b9b27864adbb1bb96f Mon Sep 17 00:00:00 2001
+From: Eric Garver <eric@garver.life>
+Date: Mon, 13 May 2019 14:00:21 -0400
+Subject: [PATCH 37/37] fix: tests: guard occurrences of IPv6
+
+Since we can run without IPv6 support we need to skip test areas that
+explicitly use IPv6.
+
+(cherry picked from commit bcb33e448abbf3a2a3a8721c257ad48bfc18dd9d)
+(cherry picked from commit 9344ff8c7ce3e55a2296ca3d565b51d9a52065c4)
+---
+ src/tests/firewall-cmd.at | 30 +++++++++++++++++++++++++----
+ src/tests/regression/gh335.at | 6 ++++++
+ src/tests/regression/rhbz1594657.at | 2 ++
+ 3 files changed, 34 insertions(+), 4 deletions(-)
+
+diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at
+index bcbfe9639ef1..a3844151aeb3 100644
+--- a/src/tests/firewall-cmd.at
++++ b/src/tests/firewall-cmd.at
+@@ -199,8 +199,10 @@ sources: $1
+
+ check_zone_source([1.2.3.4])
+ check_zone_source([192.168.1.0/24])
++ IF_IPV6_SUPPORTED([
+ check_zone_source([3ffe:501:ffff::/64])
+ check_zone_source([dead:beef::babe])
++ ])
+
+ m4_undefine([check_zone_source])
+
+@@ -292,10 +294,12 @@ FWD_START_TEST([user services])
+ FWD_CHECK([--permanent --service=foobar --set-destination=ipv4:foo], 105, ignore, ignore) dnl bad address
+ FWD_CHECK([--permanent --service=foobar --set-destination=ipv4:1.2.3.4], 0, ignore)
+ FWD_CHECK([--permanent --service=foobar --remove-destination=ipv4], 0, ignore)
++ IF_IPV6_SUPPORTED([
+ FWD_CHECK([--permanent --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64], 0, ignore)
+ FWD_CHECK([--permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64], 0, ignore)
+ FWD_CHECK([--permanent --service=foobar --remove-destination=ipv6], 0, ignore)
+ FWD_CHECK([--permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64], 1, ignore)
++ ])
+
+ FWD_CHECK([--permanent --zone=public --add-service=foobar], 0, ignore)
+ FWD_CHECK([--permanent --zone=public --list-services | grep foobar], 0, ignore)
+@@ -447,10 +451,12 @@ FWD_START_TEST([forward ports])
+ FWD_CHECK([--query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore)
+ FWD_CHECK([--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore)
+ FWD_CHECK([--query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 1, ignore)
++ IF_IPV6_SUPPORTED([
+ FWD_CHECK([--add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore)
+ FWD_CHECK([--query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public], 0, ignore)
+ FWD_CHECK([--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore)
+ FWD_CHECK([--query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 1, ignore)
++ ])
+ FWD_CHECK([--add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200], 0, ignore)
+ FWD_CHECK([--query-forward-port=port=100:proto=tcp:toport=200], 0, ignore)
+ FWD_CHECK([--query-forward-port=port=88:proto=udp:toport=99 --zone=public], 0, ignore)
+@@ -473,10 +479,12 @@ FWD_START_TEST([forward ports])
+ FWD_CHECK([--permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore)
+ FWD_CHECK([--permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore)
+ FWD_CHECK([--permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 1, ignore)
++ IF_IPV6_SUPPORTED([
+ FWD_CHECK([--permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore)
+ FWD_CHECK([--permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public], 0, ignore)
+ FWD_CHECK([--permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore)
+ FWD_CHECK([--permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 1, ignore)
++ ])
+ FWD_CHECK([--permanent --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200], 0, ignore)
+ FWD_CHECK([--permanent --query-forward-port=port=100:proto=tcp:toport=200], 0, ignore)
+ FWD_CHECK([--permanent --query-forward-port=port=88:proto=udp:toport=99 --zone=public], 0, ignore)
+@@ -592,12 +600,14 @@ FWD_START_TEST([ipset])
+ FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore)
+ FWD_RELOAD
+
++ IF_IPV6_SUPPORTED([
+ FWD_CHECK([--permanent --new-ipset=foobar --type=hash:mac], 0, ignore)
+ FWD_CHECK([--permanent --ipset=foobar --add-entry=12:34:56:78:90:ab], 0, ignore)
+ FWD_RELOAD
+ FWD_CHECK([--ipset=foobar --add-entry=12:34:56:78:90:ac], 0, ignore)
+ FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore)
+ FWD_RELOAD
++ ])
+ FWD_END_TEST([-e '/ERROR: INVALID_ENTRY: invalid address/d'])
+
+ FWD_START_TEST([user helpers])
+@@ -733,11 +743,13 @@ FWD_START_TEST([direct passthrough])
+ FWD_CHECK([--direct --remove-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 0, ignore)
+ FWD_CHECK([--direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 1, ignore, ignore)
+
++ m4_if(yes, HOST_SUPPORTS_IP6TABLES, [dnl
+ FWD_CHECK([--direct --add-passthrough ipv6 --table filter --append FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT], 0, ignore)
+ FWD_CHECK([--direct --get-passthroughs ipv6 | grep "fd00:dead:beef:ff0::/64"], 0, ignore)
+ FWD_CHECK([--direct --get-all-passthroughs | grep "fd00:dead:beef:ff0::/64"], 0, ignore)
+ FWD_CHECK([--direct --passthrough ipv6 -nvL | grep "fd00:dead:beef:ff0::/64"], 0, ignore)
+ FWD_CHECK([--direct --remove-passthrough ipv6 --table filter --delete FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT], 0, ignore, ignore)
++ ])
+
+ FWD_CHECK([--direct --passthrough ipv5 -nvL], 111, ignore, ignore)
+ FWD_CHECK([--direct --passthrough ipv4], 2, ignore, ignore)
+@@ -868,21 +880,25 @@ FWD_START_TEST([rich rules good])
+ rich_rule_test([rule protocol value="sctp" log])
+ rich_rule_test([rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept])
+ rich_rule_test([rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop])
++ IF_IPV6_SUPPORTED([
+ rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"])
+ rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop])
+ rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"])
++ rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"])
++ rich_rule_test([rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept])
++ rich_rule_test([rule family="ipv6" masquerade])
++ ])
+ rich_rule_test([rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"])
+ rich_rule_test([rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"])
+- rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"])
+ rich_rule_test([rule family="ipv4" source address="192.168.1.0/24" masquerade])
+ rich_rule_test([rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept])
+- rich_rule_test([rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept])
+ rich_rule_test([rule family="ipv4" destination address="192.168.1.0/24" masquerade])
+- rich_rule_test([rule family="ipv6" masquerade])
+ rich_rule_test([rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"])
+ rich_rule_test([rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"])
++ IF_IPV6_SUPPORTED([
+ rich_rule_test([rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"])
+ rich_rule_test([rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"])
++ ])
+ rich_rule_test([rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"])
+ FWD_END_TEST
+ FWD_START_TEST([rich rules audit])
+@@ -897,7 +913,6 @@ FWD_START_TEST([rich rules bad])
+ FWD_CHECK([--permanent --add-rich-rule='$1'], $2, ignore, ignore)
+ ])
+ rich_rule_test([], 122) dnl empty
+- rich_rule_test([family="ipv6" accept], 122) dnl no rule
+ rich_rule_test([name="dns" accept], 122) dnl no rule
+ rich_rule_test([protocol value="ah" reject], 122) dnl no rule
+ rich_rule_test([rule protocol value="ah" reject type="icmp-host-prohibited"], 122) dnl reject type needs specific family
+@@ -911,8 +926,11 @@ FWD_START_TEST([rich rules bad])
+ rich_rule_test([rule service name="radius" port port="4011" reject], 122) dnl service && port
+ rich_rule_test([rule service bad_attribute="dns"], 122) dnl bad attribute
+ rich_rule_test([rule protocol value="igmp" log level="eror"], 125) dnl bad log level
++ IF_IPV6_SUPPORTED([
++ rich_rule_test([family="ipv6" accept], 122) dnl no rule
+ rich_rule_test([rule source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"], 207) dnl missing family
+ rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"], 123) dnl bad limit
++ ])
+ rich_rule_test([rule protocol value="esp"], 122) dnl no action/log/audit
+ rich_rule_test([rule family="ipv4" masquerade drop], 122) dnl masquerade & action
+ rich_rule_test([rule family="ipv4" icmp-block name="redirect" accept], 122) dnl icmp-block & action
+@@ -1029,6 +1047,7 @@ WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90'
+ ])
+ FWD_CHECK([--check-config], 111, ignore, ignore)
+
++ IF_IPV6_SUPPORTED([
+ AT_DATA([./helpers/foobar.xml], [dnl
+ <?xml version="1.0" encoding="utf-8"?>
+ <helper family="ipv6" module="nf_conntrack_ftp">
+@@ -1036,6 +1055,7 @@ WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90'
+ </helper>
+ ])
+ FWD_CHECK([--check-config], 103, ignore, ignore)
++ ])
+ AT_CHECK([rm ./helpers/foobar.xml])
+
+ dnl icmptype
+@@ -1278,6 +1298,7 @@ WARNING: Invalid rule: Invalid log level
+ ])
+ FWD_CHECK([--check-config], 28, ignore, ignore)
+
++ IF_IPV6_SUPPORTED([
+ AT_DATA([./zones/foobar.xml], [dnl
+ <?xml version="1.0" encoding="utf-8"?>
+ <zone>
+@@ -1292,6 +1313,7 @@ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl
+ WARNING: INVALID_ADDR: 10.0.0.1/24: rule family="ipv6" source address="10.0.0.1/24" accept
+ WARNING: INVALID_ADDR: 10.0.0.1/24: rule family="ipv6" source address="10.0.0.1/24" accept
+ ])])
++ ])
+ AT_CHECK([rm ./zones/foobar.xml])
+
+ FWD_END_TEST([-e '/ERROR:/d'dnl
+diff --git a/src/tests/regression/gh335.at b/src/tests/regression/gh335.at
+index 901e2fa04f69..54cc4c66e163 100644
+--- a/src/tests/regression/gh335.at
++++ b/src/tests/regression/gh335.at
+@@ -7,12 +7,14 @@ NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignor
+ NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
+ FWD_RELOAD
+
++IF_IPV6_SUPPORTED([
+ NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
+ NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
+ FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr="1234:5678::4321"])
+ NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
+ NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore])
+ FWD_RELOAD
++])
+
+ NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
+ NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
+@@ -21,12 +23,14 @@ NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignor
+ NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
+ FWD_RELOAD
+
++IF_IPV6_SUPPORTED([
+ NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
+ NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
+ FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="1234:5678::4321"'])
+ NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
+ NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore])
+ FWD_RELOAD
++])
+
+ dnl following tests should _not_ enable IP forwarding
+ NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
+@@ -40,8 +44,10 @@ FWD_CHECK([-q --add-rich-rule='rule family=ipv4 forward-port port="12345" protoc
+ NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
+ NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
+
++IF_IPV6_SUPPORTED([
+ FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321"'])
+ NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
+ NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
++])
+
+ FWD_END_TEST
+diff --git a/src/tests/regression/rhbz1594657.at b/src/tests/regression/rhbz1594657.at
+index c01a34012875..33b7bafe6b08 100644
+--- a/src/tests/regression/rhbz1594657.at
++++ b/src/tests/regression/rhbz1594657.at
+@@ -6,7 +6,9 @@ FWD_CHECK([--direct --passthrough ipv4 -t filter -C dummy_chain -j ACCEPT], 13,
+ FWD_CHECK([--direct --passthrough ipv4 -t filter -L dummy_chain], 13, [ignore], [ignore])
+ FWD_CHECK([--direct --passthrough ipv4 -t filter -L INPUT], 0, [ignore])
+
++m4_if(yes, HOST_SUPPORTS_IP6TABLES, [dnl
+ FWD_CHECK([--direct --passthrough ipv6 -t filter -C dummy_chain -j ACCEPT], 13, [ignore], [ignore])
+ FWD_CHECK([--direct --passthrough ipv6 -t filter -L dummy_chain], 13, [ignore], [ignore])
+ FWD_CHECK([--direct --passthrough ipv6 -t filter -L INPUT], 0, [ignore])
++])
+ FWD_END_TEST
+--
+2.20.1
+
diff --git a/SOURCES/0038-fix-tests-update-package.m4-if-makefile-changed.patch b/SOURCES/0038-fix-tests-update-package.m4-if-makefile-changed.patch
new file mode 100644
index 0000000..b142d3b
--- /dev/null
+++ b/SOURCES/0038-fix-tests-update-package.m4-if-makefile-changed.patch
@@ -0,0 +1,29 @@
+From 55ada411c884734d097c295f14d70e543c136a73 Mon Sep 17 00:00:00 2001
+From: Eric Garver <eric@garver.life>
+Date: Thu, 30 May 2019 09:45:07 -0400
+Subject: [PATCH 38/39] fix: tests: update package.m4 if makefile changed
+
+A common case is if we've done another ./configure and changed variables
+that get passed down via package.m4.
+
+(cherry picked from commit b2c98d9aadc3c4bc7306240381f1750a36850d09)
+---
+ src/tests/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
+index 2a5645ba81d8..7a644ca915c1 100644
+--- a/src/tests/Makefile.am
++++ b/src/tests/Makefile.am
+@@ -9,7 +9,7 @@ EXTRA_DIST = \
+ $(TESTSUITE_FILES) \
+ $(srcdir)/package.m4
+
+-$(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec
++$(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec $(srcdir)/Makefile
+ :;{ \
+ echo 'm4_define([AT_PACKAGE_NAME],[$(PACKAGE_NAME)])' && \
+ echo 'm4_define([AT_PACKAGE_VERSION],[$(PACKAGE_VERSION)])' && \
+--
+2.20.1
+
diff --git a/SOURCES/0039-fix-tests-functions-define-HOST_SUPPORTS_IP6TABLES-v.patch b/SOURCES/0039-fix-tests-functions-define-HOST_SUPPORTS_IP6TABLES-v.patch
new file mode 100644
index 0000000..d1d39ba
--- /dev/null
+++ b/SOURCES/0039-fix-tests-functions-define-HOST_SUPPORTS_IP6TABLES-v.patch
@@ -0,0 +1,34 @@
+From edb4469374232d11b4f390ede726683ef5d3dbe7 Mon Sep 17 00:00:00 2001
+From: Eric Garver <eric@garver.life>
+Date: Thu, 30 May 2019 09:45:59 -0400
+Subject: [PATCH 39/39] fix: tests/functions: define HOST_SUPPORTS_IP6TABLES
+ value immediately
+
+(cherry picked from commit 6644eddbb219d83f4cb59523bfa873b4b1869e78)
+---
+ src/tests/functions.at | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/tests/functions.at b/src/tests/functions.at
+index c21831839662..fae1a78f6005 100644
+--- a/src/tests/functions.at
++++ b/src/tests/functions.at
+@@ -361,13 +361,13 @@ m4_ifnblank(
+ [m4_define([HOST_SUPPORTS_NFT_FIB], [no])]
+ )
+
+-m4_define([HOST_SUPPORTS_IP6TABLES], [m4_esyscmd(
++m4_define([HOST_SUPPORTS_IP6TABLES], m4_esyscmd(
+ if IP6TABLES -L >/dev/null 2>&1; then
+ echo -n "yes"
+ else
+ echo -n "no"
+ fi
+-)])
++))
+
+ m4_define([IF_IPV6_SUPPORTED], [
+ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [$1], [
+--
+2.20.1
+
diff --git a/SOURCES/RHEL-only-remove-ability-to-use-nftables-backend.patch b/SOURCES/RHEL-only-remove-ability-to-use-nftables-backend.patch
index a0aae2c..d5ed454 100644
--- a/SOURCES/RHEL-only-remove-ability-to-use-nftables-backend.patch
+++ b/SOURCES/RHEL-only-remove-ability-to-use-nftables-backend.patch
@@ -1,7 +1,7 @@
-From 2361184479832ac8f2754822e1e5d4de55c4898c Mon Sep 17 00:00:00 2001
+From c517bae24deb45ee3c75e5a7ae9927a82217dccb Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Wed, 14 Nov 2018 11:42:17 -0500
-Subject: [PATCH 1/4] remove ability to use nftables backend
+Subject: [PATCH] remove ability to use nftables backend
---
config/firewalld.conf | 7 -------
@@ -12,10 +12,10 @@ Subject: [PATCH 1/4] remove ability to use nftables backend
src/firewall/core/fw.py | 5 -----
src/firewall/core/io/firewalld_conf.py | 11 +----------
src/firewall/server/config.py | 19 +++----------------
- src/tests/dbus/firewalld.conf.at | 2 --
- src/tests/functions.at | 3 ---
+ src/tests/dbus/firewalld.conf.at | 6 +-----
+ src/tests/functions.at | 5 +----
src/tests/testsuite.at | 2 +-
- 11 files changed, 6 insertions(+), 80 deletions(-)
+ 11 files changed, 8 insertions(+), 84 deletions(-)
diff --git a/config/firewalld.conf b/config/firewalld.conf
index b53c0aa50c53..63df409bf567 100644
@@ -242,18 +242,22 @@ index dfc562b537eb..011052a9cabf 100644
self.config.get_firewalld_conf().write()
self.PropertiesChanged(interface_name,
diff --git a/src/tests/dbus/firewalld.conf.at b/src/tests/dbus/firewalld.conf.at
-index 473210de10af..3887d7ee4a7d 100644
+index 473210de10af..741b1e6f417f 100644
--- a/src/tests/dbus/firewalld.conf.at
+++ b/src/tests/dbus/firewalld.conf.at
-@@ -5,7 +5,6 @@ DBUS_GETALL([config], [config], 0, [dnl
+@@ -5,10 +5,7 @@ DBUS_GETALL([config], [config], 0, [dnl
string "AutomaticHelpers" : variant string "system"
string "CleanupOnExit" : variant string "no"
string "DefaultZone" : variant string "public"
-string "FirewallBackend" : variant string "nftables"
- m4_if(no, HOST_SUPPORTS_NFT_FIB, [dnl
- string "IPv6_rpfilter" : variant string "no"],[dnl
- string "IPv6_rpfilter" : variant string "yes"])
-@@ -29,7 +28,6 @@ _helper([Lockdown], [string:"yes"], [variant string "yes"])
+-m4_if(no, HOST_SUPPORTS_NFT_FIB, [dnl
+-string "IPv6_rpfilter" : variant string "no"],[dnl
+-string "IPv6_rpfilter" : variant string "yes"])
++string "IPv6_rpfilter" : variant string "yes"
+ string "IndividualCalls" : variant string "no"
+ string "Lockdown" : variant string "no"
+ string "LogDenied" : variant string "off"
+@@ -29,7 +26,6 @@ _helper([Lockdown], [string:"yes"], [variant string "yes"])
_helper([LogDenied], [string:"all"], [variant string "all"])
_helper([IPv6_rpfilter], [string:"yes"], [variant string "yes"])
_helper([IndividualCalls], [string:"yes"], [variant string "yes"])
@@ -262,10 +266,16 @@ index 473210de10af..3887d7ee4a7d 100644
dnl Note: DefaultZone is RO
m4_undefine([_helper])
diff --git a/src/tests/functions.at b/src/tests/functions.at
-index f8ab929118e5..b95324847e5c 100644
+index bae43faed410..3841df4264d7 100644
--- a/src/tests/functions.at
+++ b/src/tests/functions.at
-@@ -70,9 +70,6 @@ m4_define([FWD_START_TEST], [
+@@ -58,14 +58,11 @@ m4_define([FWD_START_TEST], [
+ fi
+
+ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
+- m4_define_default([FIREWALL_BACKEND], [nftables])
++ m4_define_default([FIREWALL_BACKEND], [iptables])
+
dnl don't unload modules or bother cleaning up, the namespace will be deleted
AT_CHECK([sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf])
@@ -289,5 +299,5 @@ index 2943d7460919..68d18c9018b8 100644
m4_include([regression.at])
m4_include([python.at])
--
-2.18.0
+2.20.1
diff --git a/SPECS/firewalld.spec b/SPECS/firewalld.spec
index f21cc0d..1655a1e 100644
--- a/SPECS/firewalld.spec
+++ b/SPECS/firewalld.spec
@@ -8,7 +8,7 @@
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
Name: firewalld
Version: 0.6.3
-Release: 2%{?dist}
+Release: 2%{?dist}.1
URL: http://www.firewalld.org
License: GPLv2+
Source0: https://github.com/firewalld/firewalld/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
@@ -43,6 +43,14 @@ Patch28: 0020-doc-note-that-forward-port-may-enable-IP-forwarding.patch
Patch29: 0021-doc-note-that-masquerade-will-enable-IP-forwarding.patch
Patch30: 0022-fw_zone-forward-ports-only-enable-IP-forwarding-if-t.patch
Patch31: 0023-tests-regression-coverage-for-enabling-IP-forwarding.patch
+Patch32: 0032-fix-avoid-calling-backends-that-aren-t-available.patch
+Patch33: 0033-test-pass-IPTABLES-make-variables-down-to-autotest.patch
+Patch34: 0034-test-add-macro-HOST_SUPPORTS_IP6TABLES.patch
+Patch35: 0035-test-add-macro-IF_IPV6_SUPPORTED.patch
+Patch36: 0036-fix-tests-functions-ignore-warnings-about-missing-ip.patch
+Patch37: 0037-fix-tests-guard-occurrences-of-IPv6.patch
+Patch38: 0038-fix-tests-update-package.m4-if-makefile-changed.patch
+Patch39: 0039-fix-tests-functions-define-HOST_SUPPORTS_IP6TABLES-v.patch
BuildArch: noarch
BuildRequires: desktop-file-utils
@@ -343,6 +351,9 @@ fi
%{_mandir}/man1/firewall-config*.1*
%changelog
+* Wed Aug 21 2019 Eric Garver <egarver@redhat.com> - 0.6.3-2.el7_7.1
+- backport fix to allow disabling IPv6
+
* Tue Mar 19 2019 Eric Garver <egarver@redhat.com> - 0.6.3-2
- backport recent upstream stable fixes
- backport fix to enable IP forwarding only if toaddr specified