oldnet: add firewalld support

doc/net.example.Linux.in

@@ -1137,6 +1137,13 @@
 # Hypothetical network card that requires a change-eeprom toggle to enable flashing
 #ethtool_order_eth0="change-eeprom flash change pause coalesce ring offload nfc rxfh-indir ntuple"
 
+#-----------------------------------------------------------------------------
+# Firewalld support
+# If you are using the firewalld daemon to configure your firewall
+# settings and you have specific zones you want to apply to your
+# interfaces, you can do this here.
+#firewalld_zone_eth0="myzone"
+
 ##############################################################################
 # ADVANCED CONFIGURATION
 #

net/Makefile

@@ -13,7 +13,7 @@ SRCS-Linux=	iwconfig.sh.in
 INC-Linux=	adsl.sh apipa.sh arping.sh bonding.sh br2684ctl.sh bridge.sh \
 		ccwgroup.sh clip.sh ethtool.sh iproute2.sh ifplugd.sh ip6to4.sh \
 		ipppd.sh iwconfig.sh netplugd.sh pppd.sh pump.sh tuntap.sh udhcpc.sh \
-		vlan.sh macvlan.sh ip6rd.sh
+		vlan.sh macvlan.sh ip6rd.sh firewalld.sh
 
 SRCS-NetBSD=
 INC-NetBSD=	ifwatchd.sh

net/firewalld.sh

@@ -0,0 +1,38 @@
+# Copyright (c) 2012 Doug Goldstein <cardoe@cardoe.com>
+# Released under the 2-clause BSD license.
+
+firewalld_depend()
+{
+	after interface
+	before dhcp
+	program start firewall-cmd
+	[ "$IFACE" != "lo" ] && need firewalld
+}
+
+_config_vars="$_config_vars firewalld_zone"
+
+firewalld_post_start()
+{
+	local firewalld_zone=
+	eval firewalld_zone=\$firewalld_zone_${IFVAR}
+
+	_exists || return 0
+
+	if [ "${IFACE}" != "lo" ]; then
+		firewall-cmd --zone="${firewalld_zone}" \
+			--change-interface="${IFACE}" > /dev/null 2>&1
+	fi
+
+	return 0
+}
+
+firewalld_pre_stop()
+{
+	_exists || return 0
+
+	if [ "${IFACE}" != "lo" ]; then
+		firewall-cmd --remove-interface="${IFACE}" > /dev/null 2>&1
+	fi
+
+	return 0
+}