network: remove firewalld version check from networkSetBridgeZone()

At the time the version check in this function was written, there were
still several supported versions of some distros that were using a
version of firewalld too old to support the "rich rule priorities"
used by the 'libvirt' zone that we installed for firewalld. Today the
newest distro that has a version of firewalld < 0.7.0 is
RHEL7/CentOS7, so we can remove the complexity and if the libvirt zone
is missing simply say "the libvirt zone is missing".

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Laine Stump 2024-09-05 11:56:10 -04:00
parent 1a72b83d56
commit 1a3778fe0a


@ -381,24 +381,9 @@ networkSetBridgeZone(virNetworkDef *def)
if (virFirewallDInterfaceSetZone(def->bridge, "libvirt") < 0)
return -1;
} else {
unsigned long long version;
int vresult = virFirewallDGetVersion(&version);
if (vresult < 0)
return -1;
/* Support for nftables backend was added in firewalld
* 0.6.0. Support for rule priorities (required by the
* 'libvirt' zone, which should be installed by a
* libvirt package, *not* by firewalld) was not added
* until firewalld 0.7.0 (unless it was backported).
*/
if (version >= 6000 &&
virFirewallDGetBackend() == VIR_FIREWALLD_BACKEND_NFTABLES) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("firewalld is set to use the nftables backend, but the required firewalld 'libvirt' zone is missing. Either set the firewalld backend to 'iptables', or ensure that firewalld has a 'libvirt' zone by upgrading firewalld to a version supporting rule priorities (0.7.0+) and/or rebuilding libvirt with --with-firewalld-zone"));
return -1;
}
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("firewalld can't find the 'libvirt' zone that should have been installed with libvirt"));
return -1;
}
}
}
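Review bot: The else branch that remains fails network start with `VIR_ERR_INTERNAL_ERROR` whenever the 'libvirt' zone is missing, but with the explanatory comment gone nothing in the code says why a missing zone is fatal. The rendered page has lost its +/- markers, so which lines survive is inferred from the commit message; if the old code only raised an error for the nftables backend, this change also makes a missing zone a hard failure on the iptables backend, which is the safer outcome and worth stating. I would add a comment above the `virReportError` call such as `/* Without the 'libvirt' zone the bridge would stay in whatever zone firewalld applies by default; fail rather than run with filtering libvirt did not choose. */`. It would also help to name `def->bridge` in the message so the log identifies the affected network. networkSetBridgeZone() starts and ends outside this hunk.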