diff options
author | David Kaspar [Dee'Kej] <dkaspar@redhat.com> | 2017-10-10 17:49:37 +0200 |
---|---|---|
committer | Dee'Kej <deekej@linuxmail.org> | 2017-10-16 19:06:56 +0200 |
commit | c9c00e84a9a8bfb47271c1295d34c812676a0912 (patch) | |
tree | a150403828221da2a522731febb6a04e82e98c83 | |
parent | 94baef9d28ac98f77623df931c287b77a0c1d8e7 (diff) | |
download | initscripts-c9c00e84a9a8bfb47271c1295d34c812676a0912.tar initscripts-c9c00e84a9a8bfb47271c1295d34c812676a0912.tar.gz initscripts-c9c00e84a9a8bfb47271c1295d34c812676a0912.tar.bz2 initscripts-c9c00e84a9a8bfb47271c1295d34c812676a0912.tar.xz initscripts-c9c00e84a9a8bfb47271c1295d34c812676a0912.zip |
network-scripts: firewall-cmd replaced with DBus calls
To speed things up. Based on patch & comments from:
https://bugzilla.redhat.com/show_bug.cgi?id=1497759
-rwxr-xr-x | sysconfig/network-scripts/ifdown-post | 9 | ||||
-rwxr-xr-x | sysconfig/network-scripts/ifup-eth | 15 | ||||
-rwxr-xr-x | sysconfig/network-scripts/ifup-post | 9 |
3 files changed, 22 insertions, 11 deletions
diff --git a/sysconfig/network-scripts/ifdown-post b/sysconfig/network-scripts/ifdown-post index 8b56e14f..71eebf65 100755 --- a/sysconfig/network-scripts/ifdown-post +++ b/sysconfig/network-scripts/ifdown-post @@ -49,9 +49,12 @@ else fi fi -# Inform firewall -if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then - /usr/bin/firewall-cmd --remove-interface="${DEVICE}" > /dev/null 2>&1 +# Reset firewall ZONE to "default": +if [ "${REALDEVICE}" != "lo" ]; then + dbus-send --system --dest=org.fedoraproject.FirewallD1 \ + /org/fedoraproject/FirewallD1 \ + org.fedoraproject.FirewallD1.zone.removeInterface \ + string: "" string:"${DEVICE}" fi # Notify programs that have requested notification diff --git a/sysconfig/network-scripts/ifup-eth b/sysconfig/network-scripts/ifup-eth index bbdb0d0b..76eedebd 100755 --- a/sysconfig/network-scripts/ifup-eth +++ b/sysconfig/network-scripts/ifup-eth @@ -325,11 +325,6 @@ if [ -z "${NOZEROCONF}" -a "${ISALIAS}" = "no" -a "${REALDEVICE}" != "lo" ]; the ip route add 169.254.0.0/16 dev ${REALDEVICE} metric $((1000 + $(cat /sys/class/net/${REALDEVICE}/ifindex))) scope link fi -# Inform firewall which network zone (empty means default) this interface belongs to -if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then - /usr/bin/firewall-cmd --zone="${ZONE}" --change-interface="${DEVICE}" > /dev/null 2>&1 -fi - if [ "${TYPE}" = "Bridge" ]; then for arg in $BRIDGING_OPTS ; do key=${arg%%=*}; @@ -343,6 +338,16 @@ fi # IPv6 initialisation? /etc/sysconfig/network-scripts/ifup-ipv6 ${CONFIG} if is_true "${DHCPV6C}" && [ -x /sbin/dhclient ]; then + + # Assign interface into a firewalld zone so we can obtain the IPv6 via DHCPv6: + if [ "${REALDEVICE}" != "lo" ]; then + dbus-send --print-reply --system --dest=org.fedoraproject.FirewallD1 \ + /org/fedoraproject/FirewallD1 \ + org.fedoraproject.FirewallD1.zone.changeZoneOfInterface \ + string:"${ZONE}" string:"${DEVICE}" \ + &> /dev/null + fi + generate_config_file_name 6 generate_lease_file_name 6 echo diff --git a/sysconfig/network-scripts/ifup-post b/sysconfig/network-scripts/ifup-post index ab0710b3..7c028546 100755 --- a/sysconfig/network-scripts/ifup-post +++ b/sysconfig/network-scripts/ifup-post @@ -105,9 +105,12 @@ if [ "$2" = "boot" -a \ fi fi -# Inform firewall which network zone (empty means default) this interface belongs to -if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then - /usr/bin/firewall-cmd --zone="${ZONE}" --change-interface="${DEVICE}" > /dev/null 2>&1 +# Set firewall ZONE for this device (empty means default): +if [ "${REALDEVICE}" != "lo" ]; then + dbus-send --system --dest=org.fedoraproject.FirewallD1 \ + /org/fedoraproject/FirewallD1 \ + org.fedoraproject.FirewallD1.zone.changeZoneOfInterface \ + string:"${ZONE}" string:"${DEVICE}" fi # Notify programs that have requested notification |