aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Kaspar [Dee'Kej] <dkaspar@redhat.com>2017-10-10 17:49:37 +0200
committerDee'Kej <deekej@linuxmail.org>2017-10-31 12:27:31 +0100
commite30b3c095221ebec965e9c78a78f694b6a7a3aa4 (patch)
tree6ceac909861668047a8cdf2b477bfb4942a2373b
parent72f4b40634ebd653bcebd124ae80ea1f46f04a76 (diff)
downloadinitscripts-e30b3c095221ebec965e9c78a78f694b6a7a3aa4.tar
initscripts-e30b3c095221ebec965e9c78a78f694b6a7a3aa4.tar.gz
initscripts-e30b3c095221ebec965e9c78a78f694b6a7a3aa4.tar.bz2
initscripts-e30b3c095221ebec965e9c78a78f694b6a7a3aa4.tar.xz
initscripts-e30b3c095221ebec965e9c78a78f694b6a7a3aa4.zip
network-scripts: firewall-cmd replaced with DBus calls
To speed things up. Based on patch & comments from: https://bugzilla.redhat.com/show_bug.cgi?id=1497759
-rwxr-xr-xsysconfig/network-scripts/ifdown-post9
-rwxr-xr-xsysconfig/network-scripts/ifup-eth15
-rwxr-xr-xsysconfig/network-scripts/ifup-post9
3 files changed, 22 insertions, 11 deletions
diff --git a/sysconfig/network-scripts/ifdown-post b/sysconfig/network-scripts/ifdown-post
index 8b56e14f..71eebf65 100755
--- a/sysconfig/network-scripts/ifdown-post
+++ b/sysconfig/network-scripts/ifdown-post
@@ -49,9 +49,12 @@ else
fi
fi
-# Inform firewall
-if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then
- /usr/bin/firewall-cmd --remove-interface="${DEVICE}" > /dev/null 2>&1
+# Reset firewall ZONE to "default":
+if [ "${REALDEVICE}" != "lo" ]; then
+ dbus-send --system --dest=org.fedoraproject.FirewallD1 \
+ /org/fedoraproject/FirewallD1 \
+ org.fedoraproject.FirewallD1.zone.removeInterface \
+ string: "" string:"${DEVICE}"
fi
# Notify programs that have requested notification
diff --git a/sysconfig/network-scripts/ifup-eth b/sysconfig/network-scripts/ifup-eth
index 5096a5d8..a4efc389 100755
--- a/sysconfig/network-scripts/ifup-eth
+++ b/sysconfig/network-scripts/ifup-eth
@@ -308,11 +308,6 @@ if [ -z "${NOZEROCONF}" -a "${ISALIAS}" = "no" -a "${REALDEVICE}" != "lo" ]; the
ip route add 169.254.0.0/16 dev ${REALDEVICE} metric $((1000 + $(cat /sys/class/net/${REALDEVICE}/ifindex))) scope link
fi
-# Inform firewall which network zone (empty means default) this interface belongs to
-if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then
- /usr/bin/firewall-cmd --zone="${ZONE}" --change-interface="${DEVICE}" > /dev/null 2>&1
-fi
-
if [ "${TYPE}" = "Bridge" ]; then
for arg in $BRIDGING_OPTS ; do
key=${arg%%=*};
@@ -326,6 +321,16 @@ fi
# IPv6 initialisation?
/etc/sysconfig/network-scripts/ifup-ipv6 ${CONFIG}
if is_true "${DHCPV6C}" && [ -x /sbin/dhclient ]; then
+
+ # Assign interface into a firewalld zone so we can obtain the IPv6 via DHCPv6:
+ if [ "${REALDEVICE}" != "lo" ]; then
+ dbus-send --print-reply --system --dest=org.fedoraproject.FirewallD1 \
+ /org/fedoraproject/FirewallD1 \
+ org.fedoraproject.FirewallD1.zone.changeZoneOfInterface \
+ string:"${ZONE}" string:"${DEVICE}" \
+ &> /dev/null
+ fi
+
generate_config_file_name 6
generate_lease_file_name 6
echo
diff --git a/sysconfig/network-scripts/ifup-post b/sysconfig/network-scripts/ifup-post
index ab0710b3..7c028546 100755
--- a/sysconfig/network-scripts/ifup-post
+++ b/sysconfig/network-scripts/ifup-post
@@ -105,9 +105,12 @@ if [ "$2" = "boot" -a \
fi
fi
-# Inform firewall which network zone (empty means default) this interface belongs to
-if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then
- /usr/bin/firewall-cmd --zone="${ZONE}" --change-interface="${DEVICE}" > /dev/null 2>&1
+# Set firewall ZONE for this device (empty means default):
+if [ "${REALDEVICE}" != "lo" ]; then
+ dbus-send --system --dest=org.fedoraproject.FirewallD1 \
+ /org/fedoraproject/FirewallD1 \
+ org.fedoraproject.FirewallD1.zone.changeZoneOfInterface \
+ string:"${ZONE}" string:"${DEVICE}"
fi
# Notify programs that have requested notification