|
 |
79c5fd |
From d951e7c7d64c0378424b8b2edd406ae9eaa73ec1 Mon Sep 17 00:00:00 2001
|
|
|
79c5fd |
From: "David Kaspar [Dee'Kej]" <dkaspar@redhat.com>
|
|
|
79c5fd |
Date: Wed, 6 Jun 2018 19:19:11 +0200
|
|
|
79c5fd |
Subject: [PATCH] network-scripts: setting of firewall ZONE fixed
|
|
|
79c5fd |
|
|
|
79c5fd |
For currently unknown reason the dbus-send calls will fail to set the
|
|
|
79c5fd |
firewall zone for the given interface if we omit the --print-reply
|
|
|
79c5fd |
option...
|
|
|
79c5fd |
|
|
|
79c5fd |
This looks like some kind of race-condition in dbus-send, since the
|
|
|
79c5fd |
--print-reply makes the call synchronous and slower.
|
|
|
79c5fd |
|
|
|
79c5fd |
Hopefully this is only a temporary workaround until DBus is fixed.
|
|
|
79c5fd |
|
|
|
79c5fd |
Resolves: #1586284
|
|
|
79c5fd |
---
|
|
|
79c5fd |
sysconfig/network-scripts/ifdown-post | 4 ++--
|
|
|
79c5fd |
sysconfig/network-scripts/ifup-eth | 3 ++-
|
|
|
79c5fd |
sysconfig/network-scripts/ifup-post | 4 ++--
|
|
|
79c5fd |
3 files changed, 6 insertions(+), 5 deletions(-)
|
|
|
79c5fd |
|
|
|
79c5fd |
diff --git a/sysconfig/network-scripts/ifdown-post b/sysconfig/network-scripts/ifdown-post
|
|
|
79c5fd |
index 9db16ad3..48a57ae4 100755
|
|
|
79c5fd |
--- a/sysconfig/network-scripts/ifdown-post
|
|
|
79c5fd |
+++ b/sysconfig/network-scripts/ifdown-post
|
|
|
79c5fd |
@@ -53,9 +53,9 @@ if ! check_default_route ; then
|
|
|
79c5fd |
fi
|
|
|
79c5fd |
fi
|
|
|
79c5fd |
|
|
|
79c5fd |
-# Reset firewall ZONE to "default":
|
|
|
79c5fd |
+# Reset firewall zone (empty ZONE means default):
|
|
|
79c5fd |
if [ "${REALDEVICE}" != "lo" ]; then
|
|
|
79c5fd |
- dbus-send --system --dest=org.fedoraproject.FirewallD1 \
|
|
|
79c5fd |
+ dbus-send --print-reply --system --dest=org.fedoraproject.FirewallD1 \
|
|
|
79c5fd |
/org/fedoraproject/FirewallD1 \
|
|
|
79c5fd |
org.fedoraproject.FirewallD1.zone.removeInterface \
|
|
|
79c5fd |
string: "" string:"${DEVICE}" \
|
|
|
79c5fd |
diff --git a/sysconfig/network-scripts/ifup-eth b/sysconfig/network-scripts/ifup-eth
|
|
|
79c5fd |
index bee5c4f0..ab59244a 100755
|
|
|
79c5fd |
--- a/sysconfig/network-scripts/ifup-eth
|
|
|
79c5fd |
+++ b/sysconfig/network-scripts/ifup-eth
|
|
|
79c5fd |
@@ -339,7 +339,8 @@ fi
|
|
|
79c5fd |
/etc/sysconfig/network-scripts/ifup-ipv6 ${CONFIG}
|
|
|
79c5fd |
if is_true "${DHCPV6C}" && [ -x /sbin/dhclient ]; then
|
|
|
79c5fd |
|
|
|
79c5fd |
- # Assign interface into a firewalld zone so we can obtain the IPv6 via DHCPv6:
|
|
|
79c5fd |
+ # Assign interface into a firewalld zone so we can
|
|
|
79c5fd |
+ # obtain the IPv6 via DHCPv6 (empty ZONE means default):
|
|
|
79c5fd |
if [ "${REALDEVICE}" != "lo" ]; then
|
|
|
79c5fd |
dbus-send --print-reply --system --dest=org.fedoraproject.FirewallD1 \
|
|
|
79c5fd |
/org/fedoraproject/FirewallD1 \
|
|
|
79c5fd |
diff --git a/sysconfig/network-scripts/ifup-post b/sysconfig/network-scripts/ifup-post
|
|
|
79c5fd |
index c9d91700..c002503f 100755
|
|
|
79c5fd |
--- a/sysconfig/network-scripts/ifup-post
|
|
|
79c5fd |
+++ b/sysconfig/network-scripts/ifup-post
|
|
|
79c5fd |
@@ -132,9 +132,9 @@ if [ "$2" = "boot" -a \
|
|
|
79c5fd |
fi
|
|
|
79c5fd |
fi
|
|
|
79c5fd |
|
|
|
79c5fd |
-# Set firewall ZONE for this device (empty means default):
|
|
|
79c5fd |
+# Set firewall ZONE for this device (empty ZONE means default):
|
|
|
79c5fd |
if [ "${REALDEVICE}" != "lo" ]; then
|
|
|
79c5fd |
- dbus-send --system --dest=org.fedoraproject.FirewallD1 \
|
|
|
79c5fd |
+ dbus-send --print-reply --system --dest=org.fedoraproject.FirewallD1 \
|
|
|
79c5fd |
/org/fedoraproject/FirewallD1 \
|
|
|
79c5fd |
org.fedoraproject.FirewallD1.zone.changeZoneOfInterface \
|
|
|
79c5fd |
string:"${ZONE}" string:"${DEVICE}" \
|
|
|
79c5fd |
--
|
|
|
79c5fd |
2.14.4
|
|
|
79c5fd |
|