From c9c00e84a9a8bfb47271c1295d34c812676a0912 Mon Sep 17 00:00:00 2001
From: "David Kaspar [Dee'Kej]" <dkaspar@redhat.com>
Date: Tue, 10 Oct 2017 17:49:37 +0200
Subject: network-scripts: firewall-cmd replaced with DBus calls

  To speed things up. Based on patch & comments from:
  https://bugzilla.redhat.com/show_bug.cgi?id=1497759
---
 sysconfig/network-scripts/ifdown-post |  9 ++++++---
 sysconfig/network-scripts/ifup-eth    | 15 ++++++++++-----
 sysconfig/network-scripts/ifup-post   |  9 ++++++---
 3 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/sysconfig/network-scripts/ifdown-post b/sysconfig/network-scripts/ifdown-post
index 8b56e14f..71eebf65 100755
--- a/sysconfig/network-scripts/ifdown-post
+++ b/sysconfig/network-scripts/ifdown-post
@@ -49,9 +49,12 @@ else
 fi
 fi
 
-# Inform firewall
-if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then
-    /usr/bin/firewall-cmd --remove-interface="${DEVICE}" > /dev/null 2>&1
+# Reset firewall ZONE to "default":
+if [ "${REALDEVICE}" != "lo" ]; then
+    dbus-send --system --dest=org.fedoraproject.FirewallD1 \
+              /org/fedoraproject/FirewallD1 \
+              org.fedoraproject.FirewallD1.zone.removeInterface \
+              string: "" string:"${DEVICE}"
 fi
 
 # Notify programs that have requested notification
diff --git a/sysconfig/network-scripts/ifup-eth b/sysconfig/network-scripts/ifup-eth
index bbdb0d0b..76eedebd 100755
--- a/sysconfig/network-scripts/ifup-eth
+++ b/sysconfig/network-scripts/ifup-eth
@@ -325,11 +325,6 @@ if [ -z "${NOZEROCONF}" -a "${ISALIAS}" = "no" -a "${REALDEVICE}" != "lo" ]; the
     ip route add 169.254.0.0/16 dev ${REALDEVICE} metric $((1000 + $(cat /sys/class/net/${REALDEVICE}/ifindex))) scope link
 fi
 
-# Inform firewall which network zone (empty means default) this interface belongs to
-if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then
-    /usr/bin/firewall-cmd --zone="${ZONE}" --change-interface="${DEVICE}" > /dev/null 2>&1
-fi
-
 if [ "${TYPE}" = "Bridge" ]; then
     for arg in $BRIDGING_OPTS ; do
         key=${arg%%=*};
@@ -343,6 +338,16 @@ fi
 # IPv6 initialisation?
 /etc/sysconfig/network-scripts/ifup-ipv6 ${CONFIG}
 if is_true "${DHCPV6C}" && [ -x /sbin/dhclient ]; then
+
+    # Assign interface into a firewalld zone so we can obtain the IPv6 via DHCPv6:
+    if [ "${REALDEVICE}" != "lo" ]; then
+        dbus-send --print-reply --system --dest=org.fedoraproject.FirewallD1 \
+                  /org/fedoraproject/FirewallD1 \
+                  org.fedoraproject.FirewallD1.zone.changeZoneOfInterface \
+                  string:"${ZONE}" string:"${DEVICE}" \
+                  &> /dev/null
+    fi
+
     generate_config_file_name 6
     generate_lease_file_name 6
     echo
diff --git a/sysconfig/network-scripts/ifup-post b/sysconfig/network-scripts/ifup-post
index ab0710b3..7c028546 100755
--- a/sysconfig/network-scripts/ifup-post
+++ b/sysconfig/network-scripts/ifup-post
@@ -105,9 +105,12 @@ if [ "$2" = "boot" -a \
     fi
 fi
 
-# Inform firewall which network zone (empty means default) this interface belongs to
-if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then
-    /usr/bin/firewall-cmd --zone="${ZONE}" --change-interface="${DEVICE}" > /dev/null 2>&1
+# Set firewall ZONE for this device (empty means default):
+if [ "${REALDEVICE}" != "lo" ]; then
+    dbus-send --system --dest=org.fedoraproject.FirewallD1 \
+              /org/fedoraproject/FirewallD1 \
+              org.fedoraproject.FirewallD1.zone.changeZoneOfInterface \
+              string:"${ZONE}" string:"${DEVICE}"
 fi
 
 # Notify programs that have requested notification
-- 
cgit v1.2.1