oldnet: add firewalld support

Doug Goldstein 2012-11-05 16:54:09 -06:00 committed by William Hubbs
parent 4936b72e0f
commit 5657fa7975
3 changed files with 46 additions and 1 deletions


@ -1137,6 +1137,13 @@
# Hypothetical network card that requires a change-eeprom toggle to enable flashing # Hypothetical network card that requires a change-eeprom toggle to enable flashing
#ethtool_order_eth0="change-eeprom flash change pause coalesce ring offload nfc rxfh-indir ntuple" #ethtool_order_eth0="change-eeprom flash change pause coalesce ring offload nfc rxfh-indir ntuple"
#-----------------------------------------------------------------------------
# Firewalld support
# If you are using the firewalld daemon to configure your firewall
# settings and you have specific zones you want to apply to your
# interfaces, you can do this here.
#firewalld_zone_eth0="myzone"
############################################################################## ##############################################################################
# ADVANCED CONFIGURATION # ADVANCED CONFIGURATION
# #


@ -13,7 +13,7 @@ SRCS-Linux= iwconfig.sh.in
INC-Linux= adsl.sh apipa.sh arping.sh bonding.sh br2684ctl.sh bridge.sh \ INC-Linux= adsl.sh apipa.sh arping.sh bonding.sh br2684ctl.sh bridge.sh \
ccwgroup.sh clip.sh ethtool.sh iproute2.sh ifplugd.sh ip6to4.sh \ ccwgroup.sh clip.sh ethtool.sh iproute2.sh ifplugd.sh ip6to4.sh \
ipppd.sh iwconfig.sh netplugd.sh pppd.sh pump.sh tuntap.sh udhcpc.sh \ ipppd.sh iwconfig.sh netplugd.sh pppd.sh pump.sh tuntap.sh udhcpc.sh \
vlan.sh macvlan.sh ip6rd.sh vlan.sh macvlan.sh ip6rd.sh firewalld.sh
SRCS-NetBSD= SRCS-NetBSD=
INC-NetBSD= ifwatchd.sh INC-NetBSD= ifwatchd.sh

38
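--- a/net/firewalld.sh
+++ b/net/firewalld.sh
@@ -0,0 +1,38 @@
+# Copyright (c) 2012 Doug Goldstein <cardoe@cardoe.com>
+# Released under the 2-clause BSD license.
+firewalld_depend()
+{
+after interface
+before dhcp
+program start firewall-cmd
+[ "$IFACE" != "lo" ] && need firewalld
+}
+_config_vars="$_config_vars firewalld_zone"
+firewalld_post_start()
+{
+local firewalld_zone=
+eval firewalld_zone=\$firewalld_zone_${IFVAR}
+_exists || return 0
+if [ "${IFACE}" != "lo" ]; then
+firewall-cmd --zone="${firewalld_zone}" \
+--change-interface="${IFACE}" > /dev/null 2>&1
+fi
+return 0
+}
+firewalld_pre_stop()
+{
+_exists || return 0
+if [ "${IFACE}" != "lo" ]; then
+firewall-cmd --remove-interface="${IFACE}" > /dev/null 2>&1
+fi
+return 0
+}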
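Review bot: In firewalld_post_start the result of the `firewall-cmd --zone=... --change-interface=...` call is thrown away: its output goes to /dev/null and the function always returns 0, so a mistyped zone name or a daemon that is not answering leaves the interface up in whatever zone firewalld applies by default, with nothing logged. For a firewall binding that is a fail-open path; at minimum report it, e.g. append `|| ewarn "firewalld: could not move ${IFACE} to zone ${firewalld_zone}"` after the `2>&1`. When `firewalld_zone_<iface>` is unset the command also runs with an empty `--zone=`, which presumably falls back to the default zone; an explicit `[ -n "${firewalld_zone}" ] || return 0`, or a comment stating that the fallback is intended, would make that visible. firewalld_pre_stop discards the `--remove-interface` result in the same way.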