From bf931d4f660af978eef8652ad275fcb7bab0e749 Mon Sep 17 00:00:00 2001
From: Bill Nottingham <notting@redhat.com>
Date: Tue, 13 Mar 2012 17:26:07 -0400
Subject: Add support for firewalld zones. (#802415, from
 <jpopelka@redhat.com>)

ZONE in an ifcfg file describes the zone an interface should belong to.
Zones can be configured in the firewalld configuration file.

When interfaces are brought up, tell firewalld, if running, to add them
to the proper zone. Similarly, remove them when they're brought down.

Modified from a patch from Jiri Popelka.
---
 sysconfig/network-scripts/ifup-post | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'sysconfig/network-scripts/ifup-post')

diff --git a/sysconfig/network-scripts/ifup-post b/sysconfig/network-scripts/ifup-post
index 29af56b7..fec96c88 100755
--- a/sysconfig/network-scripts/ifup-post
+++ b/sysconfig/network-scripts/ifup-post
@@ -93,6 +93,11 @@ if [ "$2" = "boot" -a \
     fi
 fi
 
+# Inform firewall which network zone (empty means default) this interface belongs to
+if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then
+    /usr/bin/firewall-cmd --zone=${ZONE} --change --interface=${DEVICE} > /dev/null 2>&1
+fi
+
 # Notify programs that have requested notification
 do_netreport
 
-- 
cgit v1.2.1