File 0006-firewall-cmd-Ask-NM-when-listing-permanent-interface.patch of Package firewalld

From 7d9998b51c7543cacd9526440dd3c3e23c5ab40a Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Wed, 18 Jul 2018 12:17:12 -0400
Subject: [PATCH 6/8] firewall-cmd: Ask NM when listing permanent interfaces

Previously if NM was controlling the zone assignment for an interface it
would be omitted. So lets query NM for a list and combine it with
firewalld's list.

(cherry picked from commit 905e108b410d3e2b5e8aad84566c716c35040ac7)
---
 src/firewall-cmd | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/firewall-cmd b/src/firewall-cmd
index ca899321..a58536d9 100755
--- a/src/firewall-cmd
+++ b/src/firewall-cmd
@@ -36,7 +36,7 @@ from firewall import errors
 from firewall.functions import joinArgs, splitArgs
 from firewall.core.fw_nm import nm_is_imported, \
     nm_get_connection_of_interface, nm_get_zone_of_connection, \
-    nm_set_zone_of_connection
+    nm_set_zone_of_connection, nm_get_interfaces_in_zone
 from firewall.core.io.zone import zone_reader
 from firewall.core.io.service import service_reader
 from firewall.core.io.ipset import ipset_reader
@@ -480,6 +480,14 @@ def try_get_zone_of_interface(interface):
                 return nm_get_zone_of_connection(connection)
     return False
 
+def try_nm_get_interfaces_in_zone(zone):
+    if nm_is_imported():
+        try:
+            return nm_get_interfaces_in_zone(zone)
+        except Exception:
+            pass
+    return []
+
 parser = argparse.ArgumentParser(usage="see firewall-cmd man page",
                                  add_help=False)
 
@@ -1784,8 +1792,9 @@ if a.permanent:
 
         # interface
         if a.list_interfaces:
-            l = fw_zone.getInterfaces()
-            cmd.print_and_exit(" ".join(l))
+            interfaces = sorted(set(try_nm_get_interfaces_in_zone(zone))
+                                | set(fw_zone.getInterfaces()))
+            cmd.print_and_exit(" ".join(interfaces))
         elif a.get_zone_of_interface:
             for interface in a.get_zone_of_interface:
                 # ask NM before checking our config
-- 
2.19.0
openSUSE Build Service is sponsored by