From aac434a339ec9d261bdba70eaf649bcd8820af51 Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Mon, 13 Aug 2018 16:02:11 -0400
Subject: [PATCH 2/4] fw: on restart set policy from same function
Toggle the DROP/ACCEPT policy from the same function. Doing it in
various areas is error prone.
(cherry picked from commit d3acaac62106b10945c7ac400140b5d0f2c4264d)
---
 src/firewall/core/fw.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
4d71d0
index e99201d0363d..1ff36f18cd99 100644
4d71d0
--- a/src/firewall/core/fw.py
4d71d0
+++ b/src/firewall/core/fw.py
4d71d0
@@ -391,14 +391,11 @@ class Firewall(object):
4d71d0
         # Start transaction
4d71d0
         transaction = FirewallTransaction(self)
4d71d0
 
4d71d0
-        if reload:
4d71d0
-            self.set_policy("DROP", use_transaction=transaction)
4d71d0
-
4d71d0
         # flush rules
4d71d0
         self.flush(use_transaction=transaction)
4d71d0
 
4d71d0
         # If modules need to be unloaded in complete reload or if there are
4d71d0
-        # ipsets to get applied, limit the transaction to set_policy and flush.
4d71d0
+        # ipsets to get applied, limit the transaction to flush.
4d71d0
         #
4d71d0
         # Future optimization for the ipset case in reload: The transaction
4d71d0
         # only needs to be split here if there are conflicting ipset types in
4d71d0
@@ -919,6 +916,8 @@ class Firewall(object):
4d71d0
         # stop
4d71d0
         self.cleanup()
4d71d0
 
4d71d0
+        self.set_policy("DROP")
4d71d0
+
4d71d0
         # start
4d71d0
         self._start(reload=True, complete_reload=stop)
4d71d0
 
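Review bot: `self.set_policy("DROP")` is added after `self.cleanup()` and without `use_transaction`, so it is applied on its own rather than together with the flush it used to share a transaction with. Neither choice is explained, and a comment such as `# default-deny while the ruleset is rebuilt; applied outside the transaction on purpose` would help. If `cleanup()` touches the live ruleset (not visible here), placing the call ahead of it would keep default-deny in force for the whole reload. As far as the hunk shows, nothing handles `_start()` raising, so the policy would stay DROP. That fails closed but can cut off remote administration, so the restore path should be explicit in this function, which continues outside the hunk.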
-- 
2.18.0