File 0001-ifcfg-Modify-ZONE-on-permanent-config-changes.patch of Package firewalld
From fd346a9b2c0b3499a48f8f2bbac97d4e15baf2dc Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Thu, 19 Jul 2018 10:56:58 -0400
Subject: [PATCH 8/8] ifcfg: Modify ZONE= on permanent config changes
Only touch the ZONE= in ifcfg files with permanent configuration
changes. We should not be touching these for runtime changes.
(cherry picked from commit e7c00a4063ff88171436cb8d0329abcd3d923765)
---
src/firewall/core/fw_zone.py | 9 ---------
src/firewall/server/config_zone.py | 5 +++++
src/firewall/server/firewalld.py | 4 ++++
3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index cce23b01..49b51076 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -32,7 +32,6 @@ from firewall.core.rich import Rich_Rule, Rich_Accept, Rich_Reject, \
from firewall.core.ipXtables import OUR_CHAINS
from firewall.core.fw_transaction import FirewallTransaction, \
FirewallZoneTransaction
-from firewall.core.fw_ifcfg import ifcfg_set_zone_of_interface
from firewall import errors
from firewall.errors import FirewallError
from firewall.fw_types import LastUpdatedOrderedDict
@@ -427,8 +426,6 @@ class FirewallZone(object):
zone_transaction.add_fail(self.__unregister_interface, _obj,
interface_id)
- zone_transaction.add_post(ifcfg_set_zone_of_interface, zone, interface)
-
if use_zone_transaction is None:
zone_transaction.execute(True)
@@ -499,12 +496,6 @@ class FirewallZone(object):
zone_transaction.add_post(self.__unregister_interface, _obj,
interface_id)
- # Do not reset ZONE with ifdown
- # On reboot or shutdown the zone has been reset to default
- # if the network service is enabled and controlling the
- # interface (RHBZ#1381314)
- #zone_transaction.add_post(ifcfg_set_zone_of_interface, "", interface)
-
if use_zone_transaction is None:
zone_transaction.execute(True)
diff --git a/src/firewall/server/config_zone.py b/src/firewall/server/config_zone.py
index f98f700b..b47434ff 100644
--- a/src/firewall/server/config_zone.py
+++ b/src/firewall/server/config_zone.py
@@ -33,6 +33,7 @@ from firewall.dbus_utils import dbus_to_python, \
dbus_introspection_prepare_properties, \
dbus_introspection_add_properties
from firewall.core.io.zone import Zone
+from firewall.core.fw_ifcfg import ifcfg_set_zone_of_interface
from firewall.core.base import DEFAULT_ZONE_TARGET
from firewall.core.rich import Rich_Rule
from firewall.core.logger import log
@@ -878,6 +879,8 @@ class FirewallDConfigZone(slip.dbus.service.Object):
settings[10].append(interface)
self.update(settings)
+ ifcfg_set_zone_of_interface(self.obj.name, interface)
+
@dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE,
in_signature='s')
@dbus_handle_exceptions
@@ -891,6 +894,8 @@ class FirewallDConfigZone(slip.dbus.service.Object):
settings[10].remove(interface)
self.update(settings)
+ ifcfg_set_zone_of_interface("", interface)
+
@dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE,
in_signature='s',
out_signature='b')
diff --git a/src/firewall/server/firewalld.py b/src/firewall/server/firewalld.py
index b2a2453e..2c9d04c5 100644
--- a/src/firewall/server/firewalld.py
+++ b/src/firewall/server/firewalld.py
@@ -50,6 +50,7 @@ from firewall.core.io.icmptype import IcmpType
from firewall.core.io.helper import Helper
from firewall.core.fw_nm import nm_get_bus_name, nm_get_connection_of_interface, \
nm_set_zone_of_connection
+from firewall.core.fw_ifcfg import ifcfg_set_zone_of_interface
from firewall import errors
from firewall.errors import FirewallError
@@ -458,6 +459,9 @@ class FirewallD(slip.dbus.service.Object):
if changed:
del conf
conf = settings.settings
+ # For the remaining try to update the ifcfg files
+ for interface in settings.getInterfaces():
+ ifcfg_set_zone_of_interface(name, interface)
try:
if name in config_names:
conf_obj = self.config.getZoneByName(name)
--
2.19.0
