File 0006-firewall-cmd-Ask-NM-when-listing-permanent-interface.patch of Package firewalld.9487
From 7d9998b51c7543cacd9526440dd3c3e23c5ab40a Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Wed, 18 Jul 2018 12:17:12 -0400
Subject: [PATCH 6/8] firewall-cmd: Ask NM when listing permanent interfaces
Previously if NM was controlling the zone assignment for an interface it
would be omitted. So let's query NM for a list and combine it with
firewalld's list.
(cherry picked from commit 905e108b410d3e2b5e8aad84566c716c35040ac7)
---
src/firewall-cmd | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/firewall-cmd b/src/firewall-cmd
index ca899321..a58536d9 100755
--- a/src/firewall-cmd
+++ b/src/firewall-cmd
@@ -36,7 +36,7 @@ from firewall import errors
from firewall.functions import joinArgs, splitArgs
from firewall.core.fw_nm import nm_is_imported, \
nm_get_connection_of_interface, nm_get_zone_of_connection, \
- nm_set_zone_of_connection
+ nm_set_zone_of_connection, nm_get_interfaces_in_zone
from firewall.core.io.zone import zone_reader
from firewall.core.io.service import service_reader
from firewall.core.io.ipset import ipset_reader
@@ -480,6 +480,14 @@ def try_get_zone_of_interface(interface):
return nm_get_zone_of_connection(connection)
return False
+def try_nm_get_interfaces_in_zone(zone):
+ if nm_is_imported():
+ try:
+ return nm_get_interfaces_in_zone(zone)
+ except Exception:
+ pass
+ return []
+
parser = argparse.ArgumentParser(usage="see firewall-cmd man page",
add_help=False)
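Review bot: The `except Exception: pass` in `try_nm_get_interfaces_in_zone` swallows every NetworkManager failure, so `--permanent --list-interfaces` can print an incomplete zone membership with nothing to tell the operator that NM-managed interfaces may be missing. For a tool used to audit which interfaces a zone's rules cover, a silent partial answer is worse than a noisy one. I would bind the exception with `except Exception as e:` and emit a warning on stderr before falling through to `return []`, and narrow the exception type if the errors `nm_get_interfaces_in_zone` can raise are known. The helper also has no docstring; something like `"""Return the interfaces NM assigns to zone, or [] if NM is unavailable or the query fails."""` would make the fallback contract explicit.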
@@ -1784,8 +1792,9 @@ if a.permanent:
# interface
if a.list_interfaces:
- l = fw_zone.getInterfaces()
- cmd.print_and_exit(" ".join(l))
+ interfaces = sorted(set(try_nm_get_interfaces_in_zone(zone))
+ | set(fw_zone.getInterfaces()))
+ cmd.print_and_exit(" ".join(interfaces))
elif a.get_zone_of_interface:
for interface in a.get_zone_of_interface:
# ask NM before checking our config
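Review bot: The merged listing at `interfaces = sorted(set(...) | set(...))` has no comment saying why two sources are combined, and it relies on a `zone` name that is not bound anywhere in this hunk. A short comment such as `# NM-managed interfaces are not in firewalld's permanent config; merge both sources` would help the next reader. Please also confirm that `zone` here is the same zone name `fw_zone` was loaded from, including the case where no zone option is given and the default zone is used; otherwise the NM half of the union could describe a different zone than the firewalld half. Note too that the output is now sorted and de-duplicated rather than in configuration order, which scripts parsing this output may notice. The enclosing `if a.permanent:` block starts and ends outside the hunk.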
--
2.19.0