From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-520678-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id AD08E1381F3
	for <garchives@archives.gentoo.org>; Mon,  5 Nov 2012 23:22:18 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 1830EE052E;
	Mon,  5 Nov 2012 23:22:03 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id 7C5EAE052E
	for <gentoo-commits@lists.gentoo.org>; Mon,  5 Nov 2012 23:22:03 +0000 (UTC)
Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id BDF0433D79A
	for <gentoo-commits@lists.gentoo.org>; Mon,  5 Nov 2012 23:22:02 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by hornbill.gentoo.org (Postfix) with ESMTP id 2C0D6E5442
	for <gentoo-commits@lists.gentoo.org>; Mon,  5 Nov 2012 23:22:00 +0000 (UTC)
From: "William Hubbs" <williamh@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "William Hubbs" <williamh@gentoo.org>
Message-ID: <1352157608.5657fa797512b31ada66e901b891961e63861208.WilliamH@OpenRC>
Subject: [gentoo-commits] proj/openrc:master commit in: net/, doc/
X-VCS-Repository: proj/openrc
X-VCS-Files: doc/net.example.Linux.in net/Makefile net/firewalld.sh
X-VCS-Directories: net/ doc/
X-VCS-Committer: WilliamH
X-VCS-Committer-Name: William Hubbs
X-VCS-Revision: 5657fa797512b31ada66e901b891961e63861208
X-VCS-Branch: master
Date: Mon,  5 Nov 2012 23:22:00 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 276251e5-1f8c-4d1f-ad47-9c5bd7ffbbec
X-Archives-Hash: 60678c3e5abbdc8387b1289b34a70520

commit:     5657fa797512b31ada66e901b891961e63861208
Author:     Doug Goldstein <cardoe <AT> cardoe <DOT> com>
AuthorDate: Mon Nov  5 22:54:09 2012 +0000
Commit:     William Hubbs <williamh <AT> gentoo <DOT> org>
CommitDate: Mon Nov  5 23:20:08 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=commit;h=5657fa79

oldnet: add firewalld support

---
 doc/net.example.Linux.in |    7 +++++++
 net/Makefile             |    2 +-
 net/firewalld.sh         |   38 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 46 insertions(+), 1 deletions(-)

diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index 70ae4e9..f050c2a 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -1137,6 +1137,13 @@
 # Hypothetical network card that requires a change-eeprom toggle to enable flashing
 #ethtool_order_eth0="change-eeprom flash change pause coalesce ring offload nfc rxfh-indir ntuple"
 
+#-----------------------------------------------------------------------------
+# Firewalld support
+# If you are using the firewalld daemon to configure your firewall
+# settings and you have specific zones you want to apply to your
+# interfaces, you can do this here.
+#firewalld_zone_eth0="myzone"
+
 ##############################################################################
 # ADVANCED CONFIGURATION
 #

diff --git a/net/Makefile b/net/Makefile
index 660b1fa..cc24a80 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -13,7 +13,7 @@ SRCS-Linux=	iwconfig.sh.in
 INC-Linux=	adsl.sh apipa.sh arping.sh bonding.sh br2684ctl.sh bridge.sh \
 		ccwgroup.sh clip.sh ethtool.sh iproute2.sh ifplugd.sh ip6to4.sh \
 		ipppd.sh iwconfig.sh netplugd.sh pppd.sh pump.sh tuntap.sh udhcpc.sh \
-		vlan.sh macvlan.sh ip6rd.sh
+		vlan.sh macvlan.sh ip6rd.sh firewalld.sh
 
 SRCS-NetBSD=
 INC-NetBSD=	ifwatchd.sh

diff --git a/net/firewalld.sh b/net/firewalld.sh
new file mode 100644
index 0000000..b002967
--- /dev/null
+++ b/net/firewalld.sh
@@ -0,0 +1,38 @@
+# Copyright (c) 2012 Doug Goldstein <cardoe@cardoe.com>
+# Released under the 2-clause BSD license.
+
+firewalld_depend()
+{
+	after interface
+	before dhcp
+	program start firewall-cmd
+	[ "$IFACE" != "lo" ] && need firewalld
+}
+
+_config_vars="$_config_vars firewalld_zone"
+
+firewalld_post_start()
+{
+	local firewalld_zone=
+	eval firewalld_zone=\$firewalld_zone_${IFVAR}
+
+	_exists || return 0
+
+	if [ "${IFACE}" != "lo" ]; then
+		firewall-cmd --zone="${firewalld_zone}" \
+			--change-interface="${IFACE}" > /dev/null 2>&1
+	fi
+
+	return 0
+}
+
+firewalld_pre_stop()
+{
+	_exists || return 0
+
+	if [ "${IFACE}" != "lo" ]; then
+		firewall-cmd --remove-interface="${IFACE}" > /dev/null 2>&1
+	fi
+
+	return 0
+}