Combined patch for https://github.com/firewalld/firewalld/pull/262 - https://github.com/firewalld/firewalld/commit/593d3158e9147b230f6b2307dabe6b6d294a539f - https://github.com/firewalld/firewalld/commit/399cf02ffef846281a67421b2c1d1cf818af8f61 - https://github.com/firewalld/firewalld/commit/278938d754b2ede993992987cc6c2418c82b85a0 diff --git a/configure.ac b/configure.ac index 776e627b..7cd11758 100644 --- a/configure.ac +++ b/configure.ac @@ -67,6 +67,11 @@ AC_ARG_WITH([bashcompletiondir], [BASHCOMPLETIONDIR=$withval], [BASHCOMPLETIONDIR="${datadir}/bash-completion/completions"]) AC_SUBST(BASHCOMPLETIONDIR) +AC_ARG_WITH([ifcfgdir], + AS_HELP_STRING([--with-ifcfgdir=DIR], [The ifcfg configuration directory]), + [IFCFGDIR=$withval], [IFCFGDIR="/etc/sysconfig/network-scripts"]) +AC_SUBST(IFCFGDIR) + # Extend PATH to include /sbin etc in case we are building as non-root FW_TOOLS_PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin" diff --git a/doc/xml/Makefile.am b/doc/xml/Makefile.am index db649b61..6df3b8c4 100644 --- a/doc/xml/Makefile.am +++ b/doc/xml/Makefile.am @@ -2,7 +2,8 @@ XSLTPROC = xsltproc EXTRA_DIST = $(HTMLS:../html/%.html=%.xml) \ authors.xml notes.xml seealso.xml errorcodes.xml \ - transform-man.xsl.in transform-html.xsl.in + transform-man.xsl.in transform-html.xsl.in \ + firewalld.xml.in firewall-cmd.xml.in firewallctl.xml.in man_MANS = $(man1_MANS) $(man5_MANS) HTMLS = $(man1_MANS:../man/man1/%.1=../html/%.html) $(man5_MANS:../man/man5/%.5=../html/%.html) @@ -29,7 +30,8 @@ man5_MANS = \ ../man/man5/firewalld.zones.5 CLEAN_FILES = *~ errorcodes.xml -DISTCLEANFILES = $(man_MANS) $(HTMLS) transform-*.xsl +DISTCLEANFILES = $(man_MANS) $(HTMLS) transform-*.xsl \ + firewalld.xml firewall-cmd.xml firewallctl.xml #SGML_CATALOG_FILES #XSLTPROC_FLAGS = --catalogs --nonet --xinclude 
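Review bot: `[IFCFGDIR=$withval]` in the new `AC_ARG_WITH([ifcfgdir], ...)` block of configure.ac stores whatever configure was given, so `--with-ifcfgdir` without a value yields `yes`, `--without-ifcfgdir` yields `no`, and a relative path is accepted as is. The value becomes `config.IFCFGDIR`, a directory the daemon lists and whose ifcfg files it tries to rewrite (per the man-page text changed in this patch), so it is worth rejecting anything that is not an absolute path at configure time. One line before `AC_SUBST(IFCFGDIR)` would do it: `AS_CASE([$IFCFGDIR], [/*], [], [AC_MSG_ERROR([--with-ifcfgdir needs an absolute path])])`. The neighbouring `bashcompletiondir` option has the same shape, but it only names an install location.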
@@ -44,9 +46,9 @@ all: $(man_MANS) $(HTMLS) clean: -test -z "$(CLEAN_FILES)" || rm -f $(CLEAN_FILES) -../man/man1/firewall-cmd.1: errorcodes.xml +../man/man1/firewall-cmd.1: errorcodes.xml firewall-cmd.xml -../html/firewall-cmd.html: errorcodes.xml +../html/firewall-cmd.html: errorcodes.xml firewall-cmd.xml ../man/man1/%.1: %.xml authors.xml notes.xml seealso.xml transform-man.xsl $(XSLTPROC) -o $@ $(XSLTPROC_MAN_FLAGS) $< @@ -67,9 +69,16 @@ errorcodes.xml: ../../src/firewall/errors.py edit = sed \ -e 's|\@PREFIX\@|$(prefix)|' \ -e 's|\@SYSCONFDIR\@|$(sysconfdir)|' \ - -e 's|\@PACKAGE_STRING\@|$(PACKAGE_STRING)|' + -e 's|\@PACKAGE_STRING\@|$(PACKAGE_STRING)|' \ + -e 's|\@IFCFGDIR\@|$(IFCFGDIR)|' transform-man.xsl: transform-man.xsl.in $(edit) $< >$@ transform-html.xsl: transform-html.xsl.in $(edit) $< >$@ +firewall-cmd.xml: firewall-cmd.xml.in + $(edit) $< >$@ +firewalld.xml: firewalld.xml.in + $(edit) $< >$@ +firewallctl.xml: firewallctl.xml.in + $(edit) $< >$@ diff --git a/doc/xml/firewall-cmd.xml b/doc/xml/firewall-cmd.xml.in similarity index 99% rename from doc/xml/firewall-cmd.xml rename to doc/xml/firewall-cmd.xml.in index 0b54b0be..80b1fbe1 100644 --- a/doc/xml/firewall-cmd.xml +++ b/doc/xml/firewall-cmd.xml.in 
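Review bot: The added `-e 's|\@IFCFGDIR\@|$(IFCFGDIR)|'` in the `edit` macro of doc/xml/Makefile.am replaces only the first `@IFCFGDIR@` on a line and pastes the configured path into the sed expression unescaped. Each man-page line changed in this patch carries a single placeholder, so the output is correct today, but a second occurrence on one line would ship verbatim, and a path containing `|` or `&` would change the expression. Adding the `g` flag covers the first case: `-e 's|\@IFCFGDIR\@|$(IFCFGDIR)|g'`. The other expressions visible in the hunk have the same form.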
@@ -910,7 +910,7 @@ For interfaces that are not under control of NetworkManager, firewalld tries to As a end user you don't need this in most cases, because NetworkManager (or legacy network service) adds interfaces into zones automatically (according to option from ifcfg-interface file) if NM_CONTROLLED=no is not set. - You should do it only if there's no /etc/sysconfig/network-scripts/ifcfg-interface file. + You should do it only if there's no @IFCFGDIR@/ifcfg-interface file. If there is such file and you add interface to zone with this option, make sure the zone is the same in both cases, otherwise the behaviour would be undefined. Please also have a look at the firewalld1 man page in the Concepts section. For permanent association of interface with a zone, see also 'How to set or change a zone for a connection?' in firewalld.zones5. diff --git a/doc/xml/firewallctl.xml b/doc/xml/firewallctl.xml.in similarity index 99% rename from doc/xml/firewallctl.xml rename to doc/xml/firewallctl.xml.in index 30be89f0..1c6d2f22 100644 --- a/doc/xml/firewallctl.xml +++ b/doc/xml/firewallctl.xml.in @@ -601,7 +601,7 @@ As a end user you don't need to create or change zone bindings of interfaces in most cases, because NetworkManager (or legacy network service) adds interfaces into zones automatically (according to option from ifcfg-interface file) if NM_CONTROLLED=no is not set. - You should do it only if there's no /etc/sysconfig/network-scripts/ifcfg-interface file. + You should do it only if there's no @IFCFGDIR@/ifcfg-interface file. If there is such file and you add interface to zone with this option, make sure the zone is the same in both cases, otherwise the behaviour would be undefined. Please also have a look at the firewalld1 man page in the Concepts section. For permanent association of interface with a zone, see also 'How to set or change a zone for a connection?' in firewalld.zones5. 
diff --git a/doc/xml/firewalld.xml b/doc/xml/firewalld.xml.in similarity index 98% rename from doc/xml/firewalld.xml rename to doc/xml/firewalld.xml.in index f14c3034..de802059 100644 --- a/doc/xml/firewalld.xml +++ b/doc/xml/firewalld.xml.in @@ -130,7 +130,7 @@ You can add these interfaces to a zone with firewall-cmd [--permanent] --zone=zone --add-interface=interface. - If there is a /etc/sysconfig/network-scripts/ifcfg-interface file, firewalld tries to change the ZONE=zone setting in this file. + If there is a @IFCFGDIR@/ifcfg-interface file, firewalld tries to change the ZONE=zone setting in this file. If firewalld gets reloaded, it will restore the interface bindings that were in place before reloading to keep interface bindings stable in the case of NetworkManager uncontrolled interfaces. diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in index a389c8bf..9262f075 100644 --- a/src/firewall/config/__init__.py.in +++ b/src/firewall/config/__init__.py.in @@ -88,7 +88,7 @@ FIREWALLD_DIRECT = ETC_FIREWALLD + '/direct.xml' LOCKDOWN_WHITELIST = ETC_FIREWALLD + '/lockdown-whitelist.xml' SYSCONFIGDIR = '/etc/sysconfig' -IFCFGDIR = SYSCONFIGDIR + '/network-scripts' +IFCFGDIR = "@IFCFGDIR@" SYSCTL_CONFIG = '/etc/sysctl.conf' diff --git a/src/firewall/core/fw_ifcfg.py b/src/firewall/core/fw_ifcfg.py index 0b049a64..b645ef37 100644 --- a/src/firewall/core/fw_ifcfg.py +++ b/src/firewall/core/fw_ifcfg.py @@ -36,13 +36,6 @@ def search_ifcfg_of_interface(interface): if not os.path.exists(config.IFCFGDIR): return None - filename = "%s/ifcfg-%s" % (config.IFCFGDIR, interface) - if os.path.exists(filename): - ifcfg_file = ifcfg(filename) - ifcfg_file.read() - if ifcfg_file.get("DEVICE") == interface: - return ifcfg_file - for filename in sorted(os.listdir(config.IFCFGDIR)): if not filename.startswith("ifcfg-"): continue 
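Review bot: The new `IFCFGDIR = "@IFCFGDIR@"` line in src/firewall/config/__init__.py.in only works if this template is generated by a step that substitutes `@IFCFGDIR@`, and the only substitution rule this patch extends is the `edit` macro in doc/xml/Makefile.am. How `config/__init__.py` is produced is not visible here. If that step does not pick up the new `AC_SUBST`, the literal placeholder survives and the `if not os.path.exists(config.IFCFGDIR): return None` guard in `search_ifcfg_of_interface` turns every lookup into a silent miss. Please confirm the generated module contains a real path. For consistency with the single-quoted constants around it, the line could read `IFCFGDIR = '@IFCFGDIR@'`.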
@@ -57,6 +50,13 @@ def search_ifcfg_of_interface(interface): if ifcfg_file.get("DEVICE") == interface: return ifcfg_file + # Wasn't found above, so assume filename matches the device we want + filename = "%s/ifcfg-%s" % (config.IFCFGDIR, interface) + if os.path.exists(filename): + ifcfg_file = ifcfg(filename) + ifcfg_file.read() + return ifcfg_file + return None def ifcfg_set_zone_of_interface(zone, interface):
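Review bot: The relocated fallback at the end of `search_ifcfg_of_interface` returns the `ifcfg-<interface>` file without looking at `DEVICE` at all, so a file named for this interface that declares a different device is now handed back as a match. The old code at the top of the function rejected that case with `if ifcfg_file.get("DEVICE") == interface:`. The result presumably goes to `ifcfg_set_zone_of_interface`, whose body is outside the hunk, so a mismatched file could get a `ZONE=` written for the wrong device. If the intent is to support files with no `DEVICE` key, accept only those: put `if not ifcfg_file.get("DEVICE"):` in front of the new `return ifcfg_file`, assuming `get` returns a falsy value for a missing key. The function starts outside this hunk, so the filters applied inside the directory loop are not visible here.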