author | Bill Nottingham <notting@redhat.com> | 2012-03-13 17:26:07 -0400 |
---|---|---|
committer | Bill Nottingham <notting@redhat.com> | 2012-03-13 17:26:07 -0400 |
commit | bf931d4f660af978eef8652ad275fcb7bab0e749 (patch) | |
tree | 2a27b1d35d6bcbcef57156bbd5d57eda4c868a8f /sysconfig/network-scripts | |
parent | 9ff2a34af83f786802644b69794ce01fe0dfb0d9 (diff) | |
Add support for firewalld zones. (#802415, from <jpopelka@redhat.com>)
ZONE in an ifcfg file describes the zone an interface should belong to.
Zones can be configured in the firewalld configuration file.
When interfaces are brought up, tell firewalld, if running, to add them
to the proper zone. Similarly, remove them when they're brought down.
Modified from a patch from Jiri Popelka.
Diffstat (limited to 'sysconfig/network-scripts')
-rwxr-xr-x | sysconfig/network-scripts/ifdown-post | 5 | ||||
-rwxr-xr-x | sysconfig/network-scripts/ifup-post | 5 |
2 files changed, 10 insertions, 0 deletions
diff --git a/sysconfig/network-scripts/ifdown-post b/sysconfig/network-scripts/ifdown-post index 0a1b938a..d37b59da 100755 --- a/sysconfig/network-scripts/ifdown-post +++ b/sysconfig/network-scripts/ifdown-post @@ -46,6 +46,11 @@ if ! check_default_route ; then fi fi +# Inform firewall +if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then + /usr/bin/firewall-cmd --remove --interface=${DEVICE} > /dev/null 2>&1 +fi + # Notify programs that have requested notification do_netreport diff --git a/sysconfig/network-scripts/ifup-post b/sysconfig/network-scripts/ifup-post index 29af56b7..fec96c88 100755 --- a/sysconfig/network-scripts/ifup-post +++ b/sysconfig/network-scripts/ifup-post @@ -93,6 +93,11 @@ if [ "$2" = "boot" -a \ fi fi +# Inform firewall which network zone (empty means default) this interface belongs to +if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then + /usr/bin/firewall-cmd --zone=${ZONE} --change --interface=${DEVICE} > /dev/null 2>&1 +fi + # Notify programs that have requested notification do_netreport |
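Review bot: In the ifdown-post hunk, the guard tests `"${REALDEVICE}" != "lo"` but the call passes `--interface=${DEVICE}`, and that expansion is unquoted. Use the same variable in both places, or add a comment saying why they differ, and quote the argument as `--interface="${DEVICE}"`. The commit message says firewalld is told "if running", yet the only check is `-x /usr/bin/firewall-cmd`, and `> /dev/null 2>&1` hides the error from a stopped daemon together with every other failure. Consider checking the exit status and logging a removal that did not succeed.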
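Review bot: In the ifup-post hunk, `--zone=${ZONE}` expands a value taken from the ifcfg file without quotes, and `> /dev/null 2>&1` discards all output while the exit status is never checked, so if firewall-cmd rejects the value nothing records that the interface was not placed in the intended zone. Quote the argument as `--zone="${ZONE}"` and log a non-zero exit status, since this runs in the post-up script and the zone assignment is what decides which firewall rules apply to the interface. The comment says an empty ZONE means default; it would be worth handling that case explicitly (omitting `--zone` when ZONE is unset) rather than passing an empty `--zone=` and relying on how it is parsed.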