Skip to content

firewall_manager: Add fallbacks when missing kernel modules #3511

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
litian1992 wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

firewall_manager: Add fallbacks when missing kernel modules #3511

litian1992 wants to merge 1 commit into from

Conversation

@litian1992
Copy link
Contributor

@litian1992 litian1992 commented Dec 17, 2025
edited
Loading

Description

There are firewall rules invoked without checking the existence of the dependent kernel modules, e.g. xt_owner and xt_conntrack. These modules reside in kernel-modules-extra in distros like RHEL. The kernel-modules-extra package is not a dependency of iptables in terms of UKI. Thus the existence deserves checking.

Issue #3510

PR information

  • Ensure development PR is based on the develop branch.
  • If applicable, the PR references the bug/issue that it fixes in the description.
  • New Unit tests were added for the changes made

Quality of Code and Contribution Guidelines

Distro maintenance information, if applicable

  • This is a contribution from a distro maintainer
  • The changes in this PR have been taken as a downstream patch (Note: it is not recommended to patch the agent without upstream review and approval)

@narrieta narrieta self-assigned this Dec 17, 2025
@litian1992
firewall_manager: Add fallbacks when missing kernel modules
1ddb664 
There are firewall rules invoked without checking the existence
of the dependent kernel modules, e.g. xt_owner and xt_conntrack.
These modules reside in kernel-modules-extra in distros like RHEL.
The kernel-modules-extra package is not a dependency of iptables
in terms of UKI. Thus the existence deserves checking.

Signed-off-by: Li Tian <litian@redhat.com>
@litian1992 litian1992 force-pushed the litian-missing-modules branch from 50b3525 to 1ddb664 Compare December 18, 2025 01:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@narrieta narrieta Awaiting requested review from narrieta narrieta is a code owner

@ZhidongPeng ZhidongPeng Awaiting requested review from ZhidongPeng ZhidongPeng is a code owner

@nagworld9 nagworld9 Awaiting requested review from nagworld9 nagworld9 is a code owner

@maddieford maddieford Awaiting requested review from maddieford maddieford is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@narrieta narrieta

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@litian1992 @narrieta