This series fixes routed networks when a newer firewalld (>= 1.0.0) is
present [1]. Firewalld 1.0.0 included a change that disallows implicit
forwarding between zones [2]. libvirt was relying on this behavior to
allow routed networks to function.

New firewalld policies are added. This is done to use common rules
between NAT and routed networks. Policies have been supported since
firewalld 0.9.0.

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=2055706
[2]: https://github.com/firewalld/firewalld/issues/177

Eric Garver (4):
  network: firewalld: convert to policies
  network: firewalld: add zone for routed networks
  network: firewalld: add policies for routed networks
  network: firewalld: add support for routed networks

src/network/bridge_driver_linux.c | 6 +++++-
src/network/libvirt-nat-out.policy | 12 ++++++++++++
src/network/libvirt-routed-in.policy | 11 +++++++++++
src/network/libvirt-routed-out.policy | 12 ++++++++++++
src/network/libvirt-routed.zone | 12 ++++++++++++
src/network/libvirt-to-host.policy | 21 +++++++++++++++++++++
src/network/libvirt.zone | 23 +++++------------------
src/network/meson.build | 25 +++++++++++++++++++++++++
8 files changed, 103 insertions(+), 19 deletions(-)
create mode 100644 src/network/libvirt-nat-out.policy
create mode 100644 src/network/libvirt-routed-in.policy
create mode 100644 src/network/libvirt-routed-out.policy
create mode 100644 src/network/libvirt-routed.zone
create mode 100644 src/network/libvirt-to-host.policy
--
2.33.0