-rw-r--r--sysconfig.txt4
-rwxr-xr-xsysconfig/network-scripts/ifdown-post5
-rwxr-xr-xsysconfig/network-scripts/ifup-post5
3 files changed, 14 insertions, 0 deletions
diff --git a/sysconfig.txt b/sysconfig.txt
index 3e135d3f..a64bb59b 100644
--- a/sysconfig.txt
+++ b/sysconfig.txt
@@ -606,6 +606,10 @@ Files in /etc/sysconfig/network-scripts/
NM_CONTROLLED=yes|no
If set to 'no', NetworkManager will ignore this connection/device.
Defaults to 'yes'.
+ ZONE=
+ Network zone (trust level) of this connection.
+ If not set, default zone (specified in /etc/firewalld/firewalld.conf)
+ is used. To see all available zones, run 'firewall-cmd --get-zones'.
For dynamic addressing (BOOTPROTO=dhcp) only DEVICE needs to
be set; all the rest will be determined by the boot protocol.
diff --git a/sysconfig/network-scripts/ifdown-post b/sysconfig/network-scripts/ifdown-post
index 0a1b938a..d37b59da 100755
--- a/sysconfig/network-scripts/ifdown-post
+++ b/sysconfig/network-scripts/ifdown-post
@@ -46,6 +46,11 @@ if ! check_default_route ; then
fi
fi
+# Inform firewall
+if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then
+ /usr/bin/firewall-cmd --remove --interface=${DEVICE} > /dev/null 2>&1
+fi
+
# Notify programs that have requested notification
do_netreport
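Review bot: The guard on the added `if` tests `${REALDEVICE}`, but the command passes `${DEVICE}`, and passes it unquoted; the ifup-post hunk has the same pattern. If the two names can differ (the hunk does not show how REALDEVICE is set, so this is inferred from the naming), firewalld is told about a different name from the one the loopback check was made on, and a comment should say which is intended. Quote the expansion, `--interface="${DEVICE}"`, so an empty or unusual value cannot be split into further arguments. The `-a` operator inside `[ ]` is marked obsolescent in POSIX; `[ -x /usr/bin/firewall-cmd ] && [ "${REALDEVICE}" != "lo" ]` is unambiguous. The surrounding script continues outside the hunk.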
diff --git a/sysconfig/network-scripts/ifup-post b/sysconfig/network-scripts/ifup-post
index 29af56b7..fec96c88 100755
--- a/sysconfig/network-scripts/ifup-post
+++ b/sysconfig/network-scripts/ifup-post
@@ -93,6 +93,11 @@ if [ "$2" = "boot" -a \
fi
fi
+# Inform firewall which network zone (empty means default) this interface belongs to
+if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then
+ /usr/bin/firewall-cmd --zone=${ZONE} --change --interface=${DEVICE} > /dev/null 2>&1
+fi
+
# Notify programs that have requested notification
do_netreport
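Review bot: A failed zone assignment goes unnoticed here, because stdout, stderr and the exit status of the `firewall-cmd --zone=... --change` call are all discarded. This commit documents ZONE as the connection's trust level, so a failure (a mistyped zone name, or firewalld not answering) still lets the interface come up, presumably under whatever zone firewalld applies by default, and nothing is logged. I would keep the redirect but report the failure, e.g. `/usr/bin/firewall-cmd --zone="${ZONE}" --change --interface="${DEVICE}" > /dev/null 2>&1 || logger -p daemon.warning -t ifup-post "firewalld: zone '${ZONE}' not applied to ${DEVICE}"`. The script's body continues outside the hunk.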