fix if interface already in a firewalld zone
parent
3b036f4781
commit
7ffd74d4eb
29
lnxrouter
29
lnxrouter
|
@ -252,6 +252,7 @@ define_global_variables(){
|
||||||
NM_UNM_LIST= # it's called "list" but for now one interface
|
NM_UNM_LIST= # it's called "list" but for now one interface
|
||||||
NM_PID=
|
NM_PID=
|
||||||
FIREWALLD_PID=
|
FIREWALLD_PID=
|
||||||
|
OLD_FIREWALLD_ZONE=
|
||||||
TMP_FIREWALLD_ZONE=
|
TMP_FIREWALLD_ZONE=
|
||||||
KEEP_CONFDIR=
|
KEEP_CONFDIR=
|
||||||
}
|
}
|
||||||
|
@ -1006,18 +1007,28 @@ is_firewalld_running() {
|
||||||
FIREWALLD_PID= # cancel value if treat as not running
|
FIREWALLD_PID= # cancel value if treat as not running
|
||||||
return 1 # not running
|
return 1 # not running
|
||||||
}
|
}
|
||||||
firewalld_add_tmpzone() {
|
firewalld_addto_tmptrustedzone() {
|
||||||
# TMP_FIREWALLD_ZONE="lrt${$}${SUBNET_IFACE}"
|
OLD_FIREWALLD_ZONE="$(firewall-cmd --get-zone-of-interface=$SUBNET_IFACE 2>/dev/null)"
|
||||||
TMP_FIREWALLD_ZONE="trusted"
|
[[ "$OLD_FIREWALLD_ZONE" == 'trusted' ]] && return
|
||||||
# firewall-cmd --new-zone=$TMP_FIREWALLD_ZONE || die "Failed creating temporary firewalld zone"
|
|
||||||
|
TMP_FIREWALLD_ZONE="trusted" # need subnet interface into this zone during linux-router working
|
||||||
|
if [[ -n "$OLD_FIREWALLD_ZONE" ]]; then
|
||||||
|
echo "Getting $SUBNET_IFACE out from firewalld zone '$OLD_FIREWALLD_ZONE' ..."
|
||||||
|
firewall-cmd --zone=$OLD_FIREWALLD_ZONE --remove-interface=$SUBNET_IFACE >/dev/null || die "Failed removing $SUBNET_IFACE from firewalld '$OLD_FIREWALLD_ZONE' zone"
|
||||||
|
fi
|
||||||
echo "Adding $SUBNET_IFACE to firewalld '$TMP_FIREWALLD_ZONE' zone"
|
echo "Adding $SUBNET_IFACE to firewalld '$TMP_FIREWALLD_ZONE' zone"
|
||||||
firewall-cmd --zone=$TMP_FIREWALLD_ZONE --add-interface=$SUBNET_IFACE >/dev/null || die "Failed adding interface to firewalld temporary zone"
|
firewall-cmd --zone=$TMP_FIREWALLD_ZONE --add-interface=$SUBNET_IFACE >/dev/null || die "Failed adding interface to firewalld temporary '$TMP_FIREWALLD_ZONE' zone"
|
||||||
|
|
||||||
}
|
}
|
||||||
firewalld_del_tmpzone() {
|
firewalld_restoreoldzone() {
|
||||||
if [[ -n "$TMP_FIREWALLD_ZONE" ]];then
|
if [[ -n "$TMP_FIREWALLD_ZONE" ]];then
|
||||||
echo "Removing $SUBNET_IFACE from firewalld '$TMP_FIREWALLD_ZONE' zone"
|
echo "Removing $SUBNET_IFACE from firewalld '$TMP_FIREWALLD_ZONE' zone"
|
||||||
firewall-cmd --zone=$TMP_FIREWALLD_ZONE --remove-interface=$SUBNET_IFACE >/dev/null
|
firewall-cmd --zone=$TMP_FIREWALLD_ZONE --remove-interface=$SUBNET_IFACE >/dev/null
|
||||||
# firewall-cmd --delete-zone=$TMP_FIREWALLD_ZONE
|
|
||||||
|
if [[ -n "$OLD_FIREWALLD_ZONE" ]]; then
|
||||||
|
echo "Restoring $SUBNET_IFACE to firewalld '$OLD_FIREWALLD_ZONE' zone"
|
||||||
|
firewall-cmd --zone=$OLD_FIREWALLD_ZONE --add-interface=$SUBNET_IFACE >/dev/null
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1394,7 +1405,7 @@ _cleanup() {
|
||||||
|
|
||||||
ip link set down dev "${SUBNET_IFACE}"
|
ip link set down dev "${SUBNET_IFACE}"
|
||||||
|
|
||||||
firewalld_del_tmpzone
|
firewalld_restoreoldzone
|
||||||
|
|
||||||
if [[ $VWIFI_IFACE ]]; then # the subnet interface (virtual wifi interface) will be removed
|
if [[ $VWIFI_IFACE ]]; then # the subnet interface (virtual wifi interface) will be removed
|
||||||
iw dev "${VWIFI_IFACE}" del
|
iw dev "${VWIFI_IFACE}" del
|
||||||
|
@ -2424,7 +2435,7 @@ fi
|
||||||
|
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
is_firewalld_running && firewalld_add_tmpzone
|
is_firewalld_running && firewalld_addto_tmptrustedzone
|
||||||
|
|
||||||
|
|
||||||
echo
|
echo
|
||||||
|
|
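Review bot: In `firewalld_restoreoldzone` both `firewall-cmd` calls discard their exit status, so a failed cleanup is silent: if the `--remove-interface` call fails the interface stays in `trusted`, which accepts all incoming traffic, and if the new `--add-interface` restore fails the interface is not returned to the zone it was taken from in `firewalld_addto_tmptrustedzone`. Cleanup should keep going rather than `die`, but it should report the failure, e.g. `firewall-cmd --zone="$OLD_FIREWALLD_ZONE" --add-interface="$SUBNET_IFACE" >/dev/null || echo "WARN: could not restore $SUBNET_IFACE to firewalld '$OLD_FIREWALLD_ZONE' zone" >&2`, with the same `|| echo … >&2` on the removal from `$TMP_FIREWALLD_ZONE`. The zone and interface expansions in the new lines are also unquoted (`--zone=$OLD_FIREWALLD_ZONE`, `--get-zone-of-interface=$SUBNET_IFACE`); quoting them avoids word splitting on an unexpected value.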