diff --git a/SOURCES/firewalld-0.4.3.2-fix_log_denied_rhbz#1402932.patch b/SOURCES/firewalld-0.4.3.2-fix_log_denied_rhbz#1402932.patch new file mode 100644 index 0000000..7dee7aa --- /dev/null +++ b/SOURCES/firewalld-0.4.3.2-fix_log_denied_rhbz#1402932.patch @@ -0,0 +1,29 @@ +commit 821f04205d505da14587896cf436cbab5dba4dd9 +Author: Thomas Woerner +Date: Fri Sep 16 16:11:53 2016 +0200 + + firewall.core.fw_zone: Fix LOG rule placement for LogDenied + + The LOG rule needs to be placed exactly before the DROP or REJECT rule and not + afterwards. + +diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py +index d72caa5..97596bc 100644 +--- a/src/firewall/core/fw_zone.py ++++ b/src/firewall/core/fw_zone.py +@@ -325,13 +325,13 @@ class FirewallZone(object): + chain in [ "INPUT", "FORWARD_IN", "FORWARD_OUT", "OUTPUT" ]: + if target in [ "REJECT", "%%REJECT%%" ]: + transaction.add_rule( +- ipv, [ "-I", _zone, "5", "-t", table, ++ ipv, [ "-I", _zone, "4", "-t", table, + "%%LOGTYPE%%", + "-j", "LOG", "--log-prefix", + "\"%s_REJECT: \"" % _zone ]) + if target == "DROP": + transaction.add_rule( +- ipv, [ "-I", _zone, "5", "-t", table, ++ ipv, [ "-I", _zone, "4", "-t", table, + "%%LOGTYPE%%", + "-j", "LOG", "--log-prefix", + "\"%s_DROP: \"" % _zone ]) diff --git a/SPECS/firewalld.spec b/SPECS/firewalld.spec index 1d68593..8ed92e5 100644 --- a/SPECS/firewalld.spec +++ b/SPECS/firewalld.spec @@ -8,7 +8,7 @@ Summary: A firewall daemon with D-Bus interface providing a dynamic firewall Name: firewalld Version: 0.4.3.2 -Release: 8.1%{?dist} +Release: 8.1%{?dist}.2 URL: http://www.firewalld.org License: GPLv2+ Source0: https://fedorahosted.org/released/firewalld/%{name}-%{version}.tar.bz2 @@ -34,6 +34,7 @@ Patch19: firewalld-0.4.3.2-set_rules_copy_fix_rhbz#1373260.patch Patch20: firewalld-0.4.3.2-translation_update_rhbz#1273296.patch Patch21: firewalld-0.4.3.2-exclude_firewallctl_rhbz#1374799.patch Patch22: firewalld-0.4.3.2-no_blanked_zone_rhbz#1381314.patch +Patch23: firewalld-0.4.3.2-fix_log_denied_rhbz#1402932.patch BuildArch: noarch BuildRequires: desktop-file-utils @@ -166,6 +167,7 @@ firewalld. %patch20 -p1 -b .translation_update_rhbz#1273296 %patch21 -p1 -b .exclude_firewallctl_rhbz#1374799 %patch22 -p1 -b .no_blanked_zone_rhbz#1381314 +%patch23 -p1 -b .fix_log_denied_rhbz#1402932 %if 0%{?with_python3} rm -rf %{py3dir} @@ -354,6 +356,9 @@ fi %{_mandir}/man1/firewall-config*.1* %changelog +* Wed Feb 8 2017 Thomas Woerner - 0.4.3.2-8.1.el7_3.2 +- Fix LOG rule placement for LogDenied (RHBZ#1402932, RHBZ#1421205) + * Mon Jan 9 2017 Thomas Woerner - 0.4.3.2-8.1 - Fix ZONE being blanked in ifcfg on reboot (RHBZ#1410860, RHBZ#1381314)