[gentoo-commits] proj/openrc:master commit in: net/, doc/

["William Hubbs" <williamh@gentoo.org>]

commit:     5657fa797512b31ada66e901b891961e63861208
Author:     Doug Goldstein <cardoe <AT> cardoe <DOT> com>
AuthorDate: Mon Nov  5 22:54:09 2012 +0000
Commit:     William Hubbs <williamh <AT> gentoo <DOT> org>
CommitDate: Mon Nov  5 23:20:08 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=commit;h=5657fa79

oldnet: add firewalld support

---
 doc/net.example.Linux.in |    7 +++++++
 net/Makefile             |    2 +-
 net/firewalld.sh         |   38 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 46 insertions(+), 1 deletions(-)

diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index 70ae4e9..f050c2a 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -1137,6 +1137,13 @@
 # Hypothetical network card that requires a change-eeprom toggle to enable flashing
 #ethtool_order_eth0="change-eeprom flash change pause coalesce ring offload nfc rxfh-indir ntuple"
 
+#-----------------------------------------------------------------------------
+# Firewalld support
+# If you are using the firewalld daemon to configure your firewall
+# settings and you have specific zones you want to apply to your
+# interfaces, you can do this here.
+#firewalld_zone_eth0="myzone"
+
 ##############################################################################
 # ADVANCED CONFIGURATION
 #

diff --git a/net/Makefile b/net/Makefile
index 660b1fa..cc24a80 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -13,7 +13,7 @@ SRCS-Linux=	iwconfig.sh.in
 INC-Linux=	adsl.sh apipa.sh arping.sh bonding.sh br2684ctl.sh bridge.sh \
 		ccwgroup.sh clip.sh ethtool.sh iproute2.sh ifplugd.sh ip6to4.sh \
 		ipppd.sh iwconfig.sh netplugd.sh pppd.sh pump.sh tuntap.sh udhcpc.sh \
-		vlan.sh macvlan.sh ip6rd.sh
+		vlan.sh macvlan.sh ip6rd.sh firewalld.sh
 
 SRCS-NetBSD=
 INC-NetBSD=	ifwatchd.sh

diff --git a/net/firewalld.sh b/net/firewalld.sh
new file mode 100644
index 0000000..b002967
--- /dev/null
+++ b/net/firewalld.sh
@@ -0,0 +1,38 @@
+# Copyright (c) 2012 Doug Goldstein <cardoe@cardoe.com>
+# Released under the 2-clause BSD license.
+
+firewalld_depend()
+{
+	after interface
+	before dhcp
+	program start firewall-cmd
+	[ "$IFACE" != "lo" ] && need firewalld
+}
+
+_config_vars="$_config_vars firewalld_zone"
+
+firewalld_post_start()
+{
+	local firewalld_zone=
+	eval firewalld_zone=\$firewalld_zone_${IFVAR}
+
+	_exists || return 0
+
+	if [ "${IFACE}" != "lo" ]; then
+		firewall-cmd --zone="${firewalld_zone}" \
+			--change-interface="${IFACE}" > /dev/null 2>&1
+	fi
+
+	return 0
+}
+
+firewalld_pre_stop()
+{
+	_exists || return 0
+
+	if [ "${IFACE}" != "lo" ]; then
+		firewall-cmd --remove-interface="${IFACE}" > /dev/null 2>&1
+	fi
+
+	return 0
+}