Blame SOURCES/0041-fix-do-not-flush-entire-ruleset-in-CHECK_NAT_COEXIST.patch

136e2c
From 427b0e1ceb92e81ecef9304701ccc6a6f89a3dca Mon Sep 17 00:00:00 2001
136e2c
From: Eric Garver <eric@garver.life>
136e2c
Date: Thu, 2 May 2019 12:39:22 -0400
136e2c
Subject: [PATCH 41/73] fix: do not flush entire ruleset in
136e2c
 CHECK_NAT_COEXISTENCE
136e2c
136e2c
It should only delete the table it uses to probe. Flushing the entire
136e2c
ruleset is really bad.
136e2c
136e2c
Fixes: 19d33cde55d4 ("tests/firewall-cmd: check for NAT coexistence")
136e2c
(cherry picked from commit 1acdf4432d233d4e1ed9215318282e64b0e4404a)
136e2c
(cherry picked from commit 4912e6c14e180dbe66162348aae7f4ebd6743ee1)
136e2c
---
136e2c
 src/tests/functions.at | 2 +-
136e2c
 1 file changed, 1 insertion(+), 1 deletion(-)
136e2c
136e2c
diff --git a/src/tests/functions.at b/src/tests/functions.at
136e2c
index 729bfc0dfc6a..0dcda6311a75 100644
136e2c
--- a/src/tests/functions.at
136e2c
+++ b/src/tests/functions.at
136e2c
@@ -338,7 +338,7 @@ m4_define([CHECK_NAT_COEXISTENCE], [
136e2c
             AT_SKIP_IF([! modprobe iptable_nat])
136e2c
             AT_SKIP_IF([! NS_CMD([nft add table ip foobar])])
136e2c
             AT_SKIP_IF([! NS_CMD([nft add chain ip foobar foobar_chain { type nat hook postrouting priority 100 \; }])])
136e2c
-            NS_CHECK([nft flush ruleset])
136e2c
+            NS_CHECK([nft delete table ip foobar])
136e2c
         else
136e2c
             AT_SKIP_IF([true])
136e2c
         fi
136e2c
-- 
136e2c
2.20.1
136e2c