I noticed this on the FreedomBox, where etckeeper stores every change in
/etc/ in git. After configuring Tor on the test machine, 'git diff'
shows this set of changes to the /etc/firewalld/zones/external.xml file:
diff --git a/firewalld/zones/external.xml b/firewalld/zones/external.xml
index 73c852a..99911e8 100644
--- a/firewalld/zones/external.xml+++ b/firewalld/zones/external.xml@@ -2,11 +2,14 @@
<zone>
<short>External</short>
<description>For use on external networks. You do not trust the other comput
ers on networks to not harm your computer. Only selected incoming connections a
re accepted.</description>
- <service name="xmpp-server"/>- <service name="https"/>
<service name="http"/>
+ <service name="tor-obfs3"/>+ <service name="tor-obfs4"/>+ <service name="https"/>
<service name="xmpp-bosh"/>
<service name="xmpp-client"/>
+ <service name="tor-orport"/>+ <service name="xmpp-server"/>
<service name="ssh"/>
<masquerade/>
</zone>
It is harder than it had to be to notice what was added and to figure out
which services were only moved in the list. Please change firewalld to
keep the content of its files sorted, to make it possible for etckeeper
to only report changes to the files.
I think that's fair. It should also be a very simple change. Below is probably sufficient.
diff --git a/src/firewall/core/io/policy.py b/src/firewall/core/io/policy.py
index 8de7604a0fb2..eb7961363b4c 100644
--- a/src/firewall/core/io/policy.py+++ b/src/firewall/core/io/policy.py@@ -395,7 +395,7 @@ def common_writer(obj, handler):
handler.ignorableWhitespace("\n")
# services
- for service in uniqify(obj.services):+ for service in sorted(uniqify(obj.services)):
handler.ignorableWhitespace(" ")
handler.simpleElement("service", { "name": service })
handler.ignorableWhitespace("\n")
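Review bot: on the changed `for service in sorted(uniqify(obj.services)):` line the ordering is applied only when the file is written, so a file already on disk keeps its old order until firewalld next rewrites it, and that first rewrite will itself appear as a reorder-only diff to tools such as etckeeper; this is worth stating in the commit message or release notes. The hunk also touches only the services loop of common_writer, so any other elements this writer emits in insertion order will keep producing the same kind of noisy diff unless they get the same treatment.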
There are a lot of these quality of life enhancements that could be done. Just off the top of my head:
sort rich rules by priority
sort ports by port number
sort protocols by name
sort elements by element name
erig0 changed the title from "Keep service lists sorted to make it easier to spot changes?" to "[RFE]: policy/zone: Keep service sorted to make it easier to spot changes (diffs)" on Jan 12, 2021
Originally filed as downstream bug report https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833527
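The effect requested in this issue, shown as an added example (not firewalld or etckeeper code): the service lists from the reported diff are compared once in file order and once sorted, and the set difference gives the services that were really opened. The function names and the trimmed zone documents are assumptions made for the illustration.

```python
import difflib
import xml.etree.ElementTree as ET

# Constructed sample: service lists from the diff in the report, other elements omitted.
OLD_ZONE = """<zone>
  <service name="xmpp-server"/>
  <service name="https"/>
  <service name="http"/>
  <service name="xmpp-bosh"/>
  <service name="xmpp-client"/>
  <service name="ssh"/>
</zone>"""
NEW_ZONE = """<zone>
  <service name="http"/>
  <service name="tor-obfs3"/>
  <service name="tor-obfs4"/>
  <service name="https"/>
  <service name="xmpp-bosh"/>
  <service name="xmpp-client"/>
  <service name="tor-orport"/>
  <service name="xmpp-server"/>
  <service name="ssh"/>
</zone>"""


def service_names(zone_xml, canonical=False):
    """Service names of a zone, in file order or sorted and de-duplicated."""
    names = [s.get("name") for s in ET.fromstring(zone_xml).findall("service")]
    return sorted(set(names)) if canonical else names


def changed_lines(old_xml, new_xml, canonical=False):
    """The +/- lines a line-based diff reports for the service list."""
    old = service_names(old_xml, canonical)
    new = service_names(new_xml, canonical)
    diff = difflib.unified_diff(old, new, lineterm="", n=0)
    return [l for l in diff if l[:1] in ("+", "-") and l[:3] not in ("---", "+++")]


def service_changes(old_xml, new_xml):
    """Services actually added and removed, ignoring position in the file."""
    old, new = set(service_names(old_xml)), set(service_names(new_xml))
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    print("file order:", changed_lines(OLD_ZONE, NEW_ZONE))
    print("sorted    :", changed_lines(OLD_ZONE, NEW_ZONE, canonical=True))
    print("added/removed:", service_changes(OLD_ZONE, NEW_ZONE))
```

With sorted output the line diff and the set difference agree, which is what lets a reviewer of /etc history trust that every reported line is a real change to the open services.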