network networkd address does not set up firewall rules

(cherry picked from commit 62bb9204099329e4e2362084f60884613f6e3a4f)
2024-09-10 19:10:03 +08:00 · 2024-09-10 19:10:03 +08:00 · 51dcfe02a1
commit 51dcfe02a1
parent 827d1dc912
2 changed files with 37 additions and 1 deletions
--- a/backport-network-networkd-address-don-t-set-up-firewall-rules.patch
+++ b/backport-network-networkd-address-don-t-set-up-firewall-rules.patch
@ -0,0 +1,31 @@
+From 58c6e75f263a1562f5550221af1ec1a9b6046143 Mon Sep 17 00:00:00 2001
+From: Topi Miettinen <toiwoton@gmail.com>
+Date: Mon, 4 Dec 2023 21:49:12 +0200
+Subject: [PATCH] network/networkd-address: don't set up firewall rules here
+
+Don't set up firewall rules when we're just initializing the firewall context
+for NFT sets.
+
+Fixes: #30257
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/58c6e75f263a1562f5550221af1ec1a9b6046143
+---
+ src/network/networkd-address.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c
+index c1a8cd884..707113767 100644
+--- a/src/network/networkd-address.c
+++ b/src/network/networkd-address.c
+@@ -645,7 +645,7 @@ static void address_modify_nft_set_context(Address *address, bool add, NFTSetCon
+         assert(nft_set_context);
+ 
+         if (!address->link->manager->fw_ctx) {
+-                r = fw_ctx_new(&address->link->manager->fw_ctx);
+                r = fw_ctx_new_full(&address->link->manager->fw_ctx, /* init_tables= */ false);
+                 if (r < 0)
+                         return;
+         }
+-- 
+2.33.0
+
--- a/systemd.spec
+++ b/systemd.spec
@ -25,7 +25,7 @@
 Name:           systemd
 Url:            https://systemd.io/
 Version:        255
-Release:        26
+Release:        27
 License:        MIT and LGPLv2+ and GPLv2+
 Summary:        System and Service Manager

@ -74,6 +74,7 @@ Patch6020:      backport-systemctl-fix-printing-of-RootImageOptions.patch
 Patch6021:      backport-pid1-add-env-var-to-override-default-mount-rate-limit-interval.patch
 Patch6022:      backport-core-escape-spaces-in-paths-during-serialization.patch
 Patch6023:      backport-core-escape-spaces-when-serializing-as-well.patch
+Patch6024:      backport-network-networkd-address-don-t-set-up-firewall-rules.patch

 Patch9008:      update-rtc-with-system-clock-when-shutdown.patch
 Patch9009:      udev-add-actions-while-rename-netif-failed.patch
@ -1663,6 +1664,10 @@ fi
 %{_unitdir}/veritysetup.target

 %changelog
+* Mon Dec 09 2024 zhangyao <zhangyao108@huawei.com> - 255-27
+- DESC:network networkd address does not set up firewall rules
+       add backport-network-networkd-address-don-t-set-up-firewall-rules.patch
+
 * Mon Dec 09 2024 zhangyao <zhangyao108@huawei.com> - 255-26
 - DESC:escape spaces during serialization