Enable iptables by default (#10597)

rlmenge · web-flow · commit fd3f001789de · 2024-10-02T16:42:12.000-07:00
Default presets were introduced in PR #8028. The default firewall was firewalld which is not fully supported for Azl3. Therefore, set as iptables. - For an image upgrade, this PR will cause the iptables.service to run by default and thus, will introduce firewall rules by default. - For a package upgrade to azurelinux-release-3.0-20, the iptables service will be recognized as being allowed by the preset but will NOT be enabled by default. That being said, if an iptables.rpm upgrade comes in afterwards, the rules WILL be turned on - For a package downgrade to an older package (< azurelinux-release-3.0-20), the preset will show that the iptables service is disabled by the preset but iptables WILL continue to run even after reboot
diff --git a/SPECS/azurelinux-release/90-default.preset b/SPECS/azurelinux-release/90-default.preset
@@ -28,7 +28,7 @@ enable rsyslog.*
 enable syslog-ng.*
 enable sysklogd.*
 
-enable firewalld.service
+enable iptables.service
 
 enable virtqemud.socket
 enable virtqemud-ro.socket
diff --git a/SPECS/azurelinux-release/azurelinux-release.signatures.json b/SPECS/azurelinux-release/azurelinux-release.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "90-default.preset": "50ed546e79e3c9f5c4f2d4a9796255537f4900d5d1d78c0564fbe7362634531b",
+  "90-default.preset": "073dd8a72f9ef915280bb608f5ea0b394c0d658fe0537d552135332168fadb03",
   "90-default-user.preset": "7cf8f4d2ca1760e04ff46bd2444609cfd27a7ab456be2f9e73b0f89c284e134d",
   "99-default-disable.preset": "3127b197b9eae62eb84eeed69b0413419612238332006183e36a3fba89578378",
   "15-azurelinux-default.conf": "63a46ecbed4b92f996718ea9202e914ff119c2c06fdaeed3d1e2710aabc663b4"
diff --git a/SPECS/azurelinux-release/azurelinux-release.spec b/SPECS/azurelinux-release/azurelinux-release.spec
@@ -5,7 +5,7 @@
 Summary:        Azure Linux release files
 Name:           azurelinux-release
 Version:        %{dist_version}.0
-Release:        19%{?dist}
+Release:        20%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -118,6 +118,9 @@ install -Dm0644 %{SOURCE4} -t %{buildroot}%{_sysctldir}/
 %{_sysctldir}/*.conf
 
 %changelog
+* Fri Sep 27 2024 Rachel Menge <rachelmenge@microsoft.com> - 3.0-20
+- Enable iptables as default firewall
+
 * Wed Sep 25 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 3.0-19
 - Bump release for October 2024 Update
 

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"Signatures": {`
`3`		`- "90-default.preset": "50ed546e79e3c9f5c4f2d4a9796255537f4900d5d1d78c0564fbe7362634531b",`
	`3`	`+ "90-default.preset": "073dd8a72f9ef915280bb608f5ea0b394c0d658fe0537d552135332168fadb03",`
`4`	`4`	`"90-default-user.preset": "7cf8f4d2ca1760e04ff46bd2444609cfd27a7ab456be2f9e73b0f89c284e134d",`
`5`	`5`	`"99-default-disable.preset": "3127b197b9eae62eb84eeed69b0413419612238332006183e36a3fba89578378",`
`6`	`6`	`"15-azurelinux-default.conf": "63a46ecbed4b92f996718ea9202e914ff119c2c06fdaeed3d1e2710aabc663b4"`