Because firewalld has no idea what interface is part of which zone
we need to inform it after it (re)starts what interface belongs to which
zone.
---
src/firewall-manager/nm-firewall-manager.c | 19 +++++++++++++++++
src/firewall-manager/nm-firewall-manager.h | 3 ++
src/nm-policy.c | 31 ++++++++++++++++++++++++++++
3 files changed, 53 insertions(+), 0 deletions(-)
diff --git a/src/firewall-manager/nm-firewall-manager.c
b/src/firewall-manager/nm-firewall-manager.c
index b2fd1ce..d9122af 100644
--- a/src/firewall-manager/nm-firewall-manager.c
+++ b/src/firewall-manager/nm-firewall-manager.c
@@ -47,6 +47,14 @@ typedef struct {
gboolean disposed;
} NMFirewallManagerPrivate;
+enum {
+ STARTED,
+
+ LAST_SIGNAL
+};
+
+static guint signals[LAST_SIGNAL] = { 0 };
+
/********************************************************************/
typedef struct {
@@ -204,6 +212,7 @@ name_owner_changed (NMDBusManager *dbus_mgr,
if (!old_owner_good && new_owner_good) {
nm_log_dbg (LOGD_FIREWALL, "firewall started");
set_running (self, TRUE);
+ g_signal_emit (self, signals[STARTED], 0);
} else if (old_owner_good && !new_owner_good) {
nm_log_dbg (LOGD_FIREWALL, "firewall stopped");
set_running (self, FALSE);
@@ -306,5 +315,15 @@ nm_firewall_manager_class_init (NMFirewallManagerClass
*klass)
"Available",
FALSE,
G_PARAM_READABLE));
+
+ signals[STARTED] =
+ g_signal_new ("started",
+ G_OBJECT_CLASS_TYPE (object_class),
+ G_SIGNAL_RUN_FIRST,
+ G_STRUCT_OFFSET
(NMFirewallManagerClass, started),
+ NULL, NULL,
+ g_cclosure_marshal_VOID__VOID,
+ G_TYPE_NONE, 0);
+
}
diff --git a/src/firewall-manager/nm-firewall-manager.h
b/src/firewall-manager/nm-firewall-manager.h
index b6d6da7..ffc6a30 100644
--- a/src/firewall-manager/nm-firewall-manager.h
+++ b/src/firewall-manager/nm-firewall-manager.h
@@ -47,6 +47,9 @@ typedef struct {
typedef struct {
GObjectClass parent;
+
+ /* Signals */
+ void (*started) (NMFirewallManager *manager);
} NMFirewallManagerClass;
GType nm_firewall_manager_get_type (void);
diff --git a/src/nm-policy.c b/src/nm-policy.c
index 12bb43a..c13506e 100644
--- a/src/nm-policy.c
+++ b/src/nm-policy.c
@@ -55,6 +55,7 @@ struct NMPolicy {
gulong vpn_deactivated_id;
NMFirewallManager *fw_manager;
+ gulong fw_started_id;
NMSettings *settings;
@@ -1326,6 +1327,32 @@ inform_firewall_about_zone (NMPolicy *policy,
NMConnection *connection)
}
static void
+firewall_started (NMFirewallManager *manager,
+ gpointer user_data)
+{
+ NMPolicy *policy = (NMPolicy *) user_data;
+ NMConnection *connection;
+ NMSettingConnection *s_con;
+ GSList *iter, *devices;
+
+ devices = nm_manager_get_devices (policy->manager);
+ for (iter = devices; iter; iter = g_slist_next (iter)) {
+ NMDevice *dev = NM_DEVICE (iter->data);
+
+ connection = get_device_connection (dev);
+ s_con = nm_connection_get_setting_connection (connection);
+ if (nm_device_get_state (dev) == NM_DEVICE_STATE_ACTIVATED) {
+ nm_firewall_manager_add_to_zone (policy->fw_manager,
+ nm_device_get_ip_iface
(dev),
+
nm_setting_connection_get_zone (s_con),
+ add_to_zone_cb,
+ g_object_ref (dev),
+ NULL);
+ }
+ }
+}
+
+static void
connection_updated (NMSettings *settings,
NMConnection *connection,
gpointer user_data)
@@ -1456,6 +1483,9 @@ nm_policy_new (NMManager *manager,
policy->vpn_deactivated_id = id;
policy->fw_manager = nm_firewall_manager_get();
+ id = g_signal_connect (policy->fw_manager, "started",
+ G_CALLBACK (firewall_started), policy);
+ policy->fw_started_id = id;
_connect_manager_signal (policy, "state-changed", global_state_changed);
_connect_manager_signal (policy, "notify::" NM_MANAGER_HOSTNAME,
hostname_changed);
@@ -1501,6 +1531,7 @@ nm_policy_destroy (NMPolicy *policy)
g_signal_handler_disconnect (policy->vpn_manager,
policy->vpn_deactivated_id);
g_object_unref (policy->vpn_manager);
+ g_signal_handler_disconnect (policy->fw_manager, policy->fw_started_id);
g_object_unref (policy->fw_manager);
for (iter = policy->manager_ids; iter; iter = g_slist_next (iter))
--
1.7.7.6
_______________________________________________
networkmanager-list mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/networkmanager-list
