device: use the nm-shared firewalld zone in shared mode

System Internals / NetworkManager - Beniamino Galvani [redhat.com] - 15 May 2020 17:06 EDT

When the interface is in IPv4 or IPv6 shared mode and the user didn't specify an explicit zone, use the nm-shared one.

Note that masquerade is still done through iptables direct calls because at the moment it is not possible for a firewalld zone to do masquerade based on the input interface.

The firewalld zone is needed on systems where firewalld is using the nftables backend and the 'iptables' binary uses the iptables API (instead of the nftables one). On such systems, even if the traffic is allowed in iptables by our direct rules, it can still be dropped in nftables by firewalld.

3e2b72353 device: use the nm-shared firewalld zone in shared mode
NEWS | 8 ++++++++
src/devices/nm-device.c | 13 ++++++++++++-
2 files changed, 20 insertions(+), 1 deletion(-)

Upstream: cgit.freedesktop.org
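To check a host for the backend mismatch the commit message describes, the following added example (not part of the commit or of NetworkManager) classifies the firewalld backend, the iptables variant and the zone of a shared interface. The function names and result tokens are hypothetical; `check_interface` assumes `firewall-cmd`, `iptables` and `/etc/firewalld/firewalld.conf` are present.

```shell
#!/bin/sh
# Added example, not NetworkManager code. Function names and result tokens are hypothetical.

# Print the FirewallBackend value from firewalld.conf text read on stdin.
# Assumption: a missing key is reported as "unset" instead of guessing the default.
firewalld_backend() {
    awk -F= '/^[[:space:]]*FirewallBackend[[:space:]]*=/ {
                 gsub(/[[:space:]]/, "", $2); v = $2 }
             END { print (v == "" ? "unset" : v) }'
}

# Classify the text printed by `iptables --version` (passed as $1).
iptables_variant() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# $1 = firewalld backend, $2 = iptables variant, $3 = zone bound to the interface.
# no-mismatch: direct iptables rules and firewalld are not in separate rule sets.
# covered:     mismatch exists, but the interface is in the nm-shared zone.
# check-zone:  mismatch exists and another zone applies; its rules decide
#              whether shared-mode traffic is dropped by firewalld.
shared_mode_risk() {
    if [ "$1" = nftables ] && [ "$2" = legacy ]; then
        if [ "$3" = nm-shared ]; then
            echo covered
        else
            echo check-zone
        fi
    else
        echo no-mismatch
    fi
}

# Live check for one interface, e.g.: check_interface eth1
check_interface() {
    backend=$(firewalld_backend < /etc/firewalld/firewalld.conf)
    variant=$(iptables_variant "$(iptables --version)")
    zone=$(firewall-cmd --get-zone-of-interface="$1" 2>/dev/null || true)
    shared_mode_risk "$backend" "$variant" "$zone"
}
```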

