File 0001-ifcfg-Modify-ZONE-on-permanent-config-chan... of Package firewalld

Overview Repositories Revisions Requests Users Attributes Meta

File 0001-ifcfg-Modify-ZONE-on-permanent-config-changes.patch of Package firewalld

From fd346a9b2c0b3499a48f8f2bbac97d4e15baf2dc Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Thu, 19 Jul 2018 10:56:58 -0400
Subject: [PATCH 8/8] ifcfg: Modify ZONE= on permanent config changes

Only touch the ZONE= in ifcfg files with permanent configuration
changes. We should not be touching these for runtime changes.

(cherry picked from commit e7c00a4063ff88171436cb8d0329abcd3d923765)
---
 src/firewall/core/fw_zone.py       | 9 ---------
 src/firewall/server/config_zone.py | 5 +++++
 src/firewall/server/firewalld.py   | 4 ++++
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index cce23b01..49b51076 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -32,7 +32,6 @@ from firewall.core.rich import Rich_Rule, Rich_Accept, Rich_Reject, \
 from firewall.core.ipXtables import OUR_CHAINS
 from firewall.core.fw_transaction import FirewallTransaction, \
     FirewallZoneTransaction
-from firewall.core.fw_ifcfg import ifcfg_set_zone_of_interface
 from firewall import errors
 from firewall.errors import FirewallError
 from firewall.fw_types import LastUpdatedOrderedDict
@@ -427,8 +426,6 @@ class FirewallZone(object):
         zone_transaction.add_fail(self.__unregister_interface, _obj,
                                   interface_id)
 
-        zone_transaction.add_post(ifcfg_set_zone_of_interface, zone, interface)
-
         if use_zone_transaction is None:
             zone_transaction.execute(True)
 
@@ -499,12 +496,6 @@ class FirewallZone(object):
         zone_transaction.add_post(self.__unregister_interface, _obj,
                                   interface_id)
 
-        # Do not reset ZONE with ifdown
-        # On reboot or shutdown the zone has been reset to default
-        # if the network service is enabled and controlling the
-        # interface (RHBZ#1381314)
-        #zone_transaction.add_post(ifcfg_set_zone_of_interface, "", interface)
-
         if use_zone_transaction is None:
             zone_transaction.execute(True)
 
diff --git a/src/firewall/server/config_zone.py b/src/firewall/server/config_zone.py
index f98f700b..b47434ff 100644
--- a/src/firewall/server/config_zone.py
+++ b/src/firewall/server/config_zone.py
@@ -33,6 +33,7 @@ from firewall.dbus_utils import dbus_to_python, \
     dbus_introspection_prepare_properties, \
     dbus_introspection_add_properties
 from firewall.core.io.zone import Zone
+from firewall.core.fw_ifcfg import ifcfg_set_zone_of_interface
 from firewall.core.base import DEFAULT_ZONE_TARGET
 from firewall.core.rich import Rich_Rule
 from firewall.core.logger import log
@@ -878,6 +879,8 @@ class FirewallDConfigZone(slip.dbus.service.Object):
         settings[10].append(interface)
         self.update(settings)
 
+        ifcfg_set_zone_of_interface(self.obj.name, interface)
+
     @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE,
                          in_signature='s')
     @dbus_handle_exceptions
@@ -891,6 +894,8 @@ class FirewallDConfigZone(slip.dbus.service.Object):
         settings[10].remove(interface)
         self.update(settings)
 
+        ifcfg_set_zone_of_interface("", interface)
+
     @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE,
                          in_signature='s',
                          out_signature='b')
diff --git a/src/firewall/server/firewalld.py b/src/firewall/server/firewalld.py
index b2a2453e..2c9d04c5 100644
--- a/src/firewall/server/firewalld.py
+++ b/src/firewall/server/firewalld.py
@@ -50,6 +50,7 @@ from firewall.core.io.icmptype import IcmpType
 from firewall.core.io.helper import Helper
 from firewall.core.fw_nm import nm_get_bus_name, nm_get_connection_of_interface, \
                                 nm_set_zone_of_connection
+from firewall.core.fw_ifcfg import ifcfg_set_zone_of_interface
 from firewall import errors
 from firewall.errors import FirewallError
 
@@ -458,6 +459,9 @@ class FirewallD(slip.dbus.service.Object):
                 if changed:
                     del conf
                     conf = settings.settings
+            # For the remaining try to update the ifcfg files
+            for interface in settings.getInterfaces():
+                ifcfg_set_zone_of_interface(name, interface)
             try:
                 if name in config_names:
                     conf_obj = self.config.getZoneByName(name)
-- 
2.19.0

Places

File 0001-ifcfg-Modify-ZONE-on-permanent-config-changes.patch of Package firewalld

Places