diff options
| author | David Kaspar [Dee'Kej] <dkaspar@redhat.com> | 2017-10-10 17:49:37 +0200 |
|---|---|---|
| committer | Dee'Kej <deekej@linuxmail.org> | 2017-10-31 12:27:31 +0100 |
| commit | e30b3c095221ebec965e9c78a78f694b6a7a3aa4 (patch) | |
| tree | 6ceac909861668047a8cdf2b477bfb4942a2373b | |
| parent | 72f4b40634ebd653bcebd124ae80ea1f46f04a76 (diff) | |
| download | initscripts-e30b3c095221ebec965e9c78a78f694b6a7a3aa4.tar initscripts-e30b3c095221ebec965e9c78a78f694b6a7a3aa4.tar.gz initscripts-e30b3c095221ebec965e9c78a78f694b6a7a3aa4.tar.bz2 initscripts-e30b3c095221ebec965e9c78a78f694b6a7a3aa4.tar.xz initscripts-e30b3c095221ebec965e9c78a78f694b6a7a3aa4.zip | |
network-scripts: firewall-cmd replaced with DBus calls
To speed things up. Based on patch & comments from:
https://bugzilla.redhat.com/show_bug.cgi?id=1497759
| -rwxr-xr-x | sysconfig/network-scripts/ifdown-post | 9 | ||||
| -rwxr-xr-x | sysconfig/network-scripts/ifup-eth | 15 | ||||
| -rwxr-xr-x | sysconfig/network-scripts/ifup-post | 9 |
3 files changed, 22 insertions, 11 deletions
diff --git a/sysconfig/network-scripts/ifdown-post b/sysconfig/network-scripts/ifdown-post index 8b56e14f..71eebf65 100755 --- a/sysconfig/network-scripts/ifdown-post +++ b/sysconfig/network-scripts/ifdown-post @@ -49,9 +49,12 @@ else fi fi -# Inform firewall -if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then - /usr/bin/firewall-cmd --remove-interface="${DEVICE}" > /dev/null 2>&1 +# Reset firewall ZONE to "default": +if [ "${REALDEVICE}" != "lo" ]; then + dbus-send --system --dest=org.fedoraproject.FirewallD1 \ + /org/fedoraproject/FirewallD1 \ + org.fedoraproject.FirewallD1.zone.removeInterface \ + string: "" string:"${DEVICE}" fi # Notify programs that have requested notification diff --git a/sysconfig/network-scripts/ifup-eth b/sysconfig/network-scripts/ifup-eth index 5096a5d8..a4efc389 100755 --- a/sysconfig/network-scripts/ifup-eth +++ b/sysconfig/network-scripts/ifup-eth @@ -308,11 +308,6 @@ if [ -z "${NOZEROCONF}" -a "${ISALIAS}" = "no" -a "${REALDEVICE}" != "lo" ]; the ip route add 169.254.0.0/16 dev ${REALDEVICE} metric $((1000 + $(cat /sys/class/net/${REALDEVICE}/ifindex))) scope link fi -# Inform firewall which network zone (empty means default) this interface belongs to -if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then - /usr/bin/firewall-cmd --zone="${ZONE}" --change-interface="${DEVICE}" > /dev/null 2>&1 -fi - if [ "${TYPE}" = "Bridge" ]; then for arg in $BRIDGING_OPTS ; do key=${arg%%=*}; @@ -326,6 +321,16 @@ fi # IPv6 initialisation? /etc/sysconfig/network-scripts/ifup-ipv6 ${CONFIG} if is_true "${DHCPV6C}" && [ -x /sbin/dhclient ]; then + + # Assign interface into a firewalld zone so we can obtain the IPv6 via DHCPv6: + if [ "${REALDEVICE}" != "lo" ]; then + dbus-send --print-reply --system --dest=org.fedoraproject.FirewallD1 \ + /org/fedoraproject/FirewallD1 \ + org.fedoraproject.FirewallD1.zone.changeZoneOfInterface \ + string:"${ZONE}" string:"${DEVICE}" \ + &> /dev/null + fi + generate_config_file_name 6 generate_lease_file_name 6 echo diff --git a/sysconfig/network-scripts/ifup-post b/sysconfig/network-scripts/ifup-post index ab0710b3..7c028546 100755 --- a/sysconfig/network-scripts/ifup-post +++ b/sysconfig/network-scripts/ifup-post @@ -105,9 +105,12 @@ if [ "$2" = "boot" -a \ fi fi -# Inform firewall which network zone (empty means default) this interface belongs to -if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then - /usr/bin/firewall-cmd --zone="${ZONE}" --change-interface="${DEVICE}" > /dev/null 2>&1 +# Set firewall ZONE for this device (empty means default): +if [ "${REALDEVICE}" != "lo" ]; then + dbus-send --system --dest=org.fedoraproject.FirewallD1 \ + /org/fedoraproject/FirewallD1 \ + org.fedoraproject.FirewallD1.zone.changeZoneOfInterface \ + string:"${ZONE}" string:"${DEVICE}" fi # Notify programs that have requested notification |