Setup: RPi 3B+ happily running Fedora 29, serving as an access point using hostapd. Setup is typical (eth0 and wlan0 bridged via br0). All interfaces are all started (sucessfully, without errors) using network-scripts. Not using Network Manager nor is any GUI running - this is a headless server in runlevel 3.
All was good with this....until about two weeks ago when I did a routine "dnf update" to get the latest and greatest and then rebooted and...then hostapd stopped working. Well, mostly: I can still connect to the access point, and I can still ssh into the RPi using it as my access point, so the wireless side of hostapd is all fine, as is local traffic into and out of the server via wireless. But I cannot get any traffic from hostapd's wireless client except ICMP (pings) to forward out of the server into the gateway - it's like tcp forwarding or NAT just went away. (Yes, before you ask, /proc/sys/net/ipv4/ip_forward is set to 1.) And nothing in dmesg or the logs seems to be an error that's germane.
I have a strong suspicion the issue is iptables/firewalld related, even though I didn't change any firewall rules myself. Fedora throws up LOTS of rules in the default configuration, so it's a little daunting to figure out what might have changed after the update that would have broken the access point functionality.
Anyone else seeing this kind of thing after a recent update? Or have suggestions for a debug strategy through the rule set that can narrow things down? Happy to post the iptables rules if that would aid in the troubleshooting. Thanks!