diff -up firewalld-0.3.9/doc/xml/firewall-cmd.xml.RHBZ#1075675 firewalld-0.3.9/doc/xml/firewall-cmd.xml
--- firewalld-0.3.9/doc/xml/firewall-cmd.xml.RHBZ#1075675 2014-09-29 23:58:44.996603066 +0200
+++ firewalld-0.3.9/doc/xml/firewall-cmd.xml 2014-09-29 23:58:45.063603299 +0200
@@ -291,7 +291,7 @@
</varlistentry>
<varlistentry>
- <term><option>--permanent</option> <option>--zone</option>=<replaceable>zone</replaceable> <option>--get-target</option></term>
+ <term><option>--permanent</option> <optional><option>--zone</option>=<replaceable>zone</replaceable></optional> <option>--get-target</option></term>
<listitem>
<para>
Get the target of a permanent zone.
@@ -300,10 +300,10 @@
</varlistentry>
<varlistentry>
- <term><option>--permanent</option> <option>--zone</option>=<replaceable>zone</replaceable> <option>--set-target</option>=<replaceable>zone</replaceable></term>
+ <term><option>--permanent</option> <optional><option>--zone</option>=<replaceable>zone</replaceable></optional> <option>--set-target</option>=<replaceable>target</replaceable></term>
<listitem>
<para>
- Set the target of a permanent zone.
+ Set the target of a permanent zone. <replaceable>target</replaceable> is one of: <literal>default</literal>, <literal>ACCEPT</literal>, <literal>DROP</literal>, <literal>%%REJECT%%</literal>
</para>
</listitem>
</varlistentry>
diff -up firewalld-0.3.9/src/firewall/client.py.RHBZ#1075675 firewalld-0.3.9/src/firewall/client.py
--- firewalld-0.3.9/src/firewall/client.py.RHBZ#1075675 2014-09-29 23:58:44.981603013 +0200
+++ firewalld-0.3.9/src/firewall/client.py 2014-09-30 00:01:45.611233601 +0200
@@ -112,10 +112,10 @@ class FirewallClientZoneSettings(object)
@handle_exceptions
def getTarget(self):
- return self.settings[4]
+ return self.settings[4] if self.settings[4] != DEFAULT_ZONE_TARGET else "default"
@handle_exceptions
def setTarget(self, target):
- self.settings[4] = target
+ self.settings[4] = target if target != "default" else DEFAULT_ZONE_TARGET
@handle_exceptions
def getServices(self):
diff -up firewalld-0.3.9/src/firewall-cmd.RHBZ#1075675 firewalld-0.3.9/src/firewall-cmd
--- firewalld-0.3.9/src/firewall-cmd.RHBZ#1075675 2014-09-29 23:58:44.997603069 +0200
+++ firewalld-0.3.9/src/firewall-cmd 2014-09-30 00:06:46.901286444 +0200
@@ -92,9 +92,9 @@ Zone Options
--delete-zone=<zone> Delete an existing zone [P only]
--zone=<zone> Use this zone to set or query options, else default zone
Usable for options maked with [Z]
- --get-target Get the zone target [P only]
+ --get-target Get the zone target [P] [Z]
--set-target=<target>
- Set the zone target [P only]
+ Set the zone target [P] [Z]
IcmpType Options
--new-icmptype=<icmptype>
@@ -591,6 +591,9 @@ options_direct = a.passthrough or \
a.add_passthrough or a.remove_passthrough or a.query_passthrough or \
a.get_passthroughs or a.get_all_passthroughs
+options_require_permanent = options_permanent_only \
+ or a.get_target or a.set_target
+
# these are supposed to only write out some output
options_list_get = a.help or a.version or a.list_all or a.list_all_zones or \
a.list_lockdown_whitelist_commands or a.list_lockdown_whitelist_contexts or \
@@ -599,7 +602,7 @@ options_list_get = a.help or a.version o
or a.list_rich_rules or a.list_interfaces or a.list_sources or \
a.get_default_zone or a.get_active_zones or a.get_zone_of_interface or \
a.get_zone_of_source or a.get_zones or a.get_services or a.get_icmptypes or \
- a.get_target or a.set_target
+ a.get_target
# Check various impossible combinations of options
@@ -615,7 +618,7 @@ if options_standalone and (options_zone
if (options_direct or options_permanent_only) and (options_zone):
__fail(parser.format_usage() +
- "Can't use 'direct' options with other options.")
+ "Can't be used with --zone.")
if (a.direct and not options_direct) or \
(options_direct and not a.direct):
@@ -626,7 +629,7 @@ if options_permanent_only and not a.perm
__fail(parser.format_usage() +
"Option can be used only with --permanent.")
-if a.set_target and not a.permanent:
+if options_require_permanent and not a.permanent:
__fail(parser.format_usage() +
"Option can be used only with --permanent.")