diff options
| author | Beniamino Galvani <bgalvani@redhat.com> | 2016-08-23 16:44:28 +0200 |
|---|---|---|
| committer | Beniamino Galvani <bgalvani@redhat.com> | 2016-08-31 14:44:02 +0200 |
| commit | c39e03edbf8d2ce4dd49504229487d0a714e4b17 (patch) | |
| tree | 7d1d338f2bd894f16c6791018d2a93ffcbbdfc85 | |
| parent | d2550cef44c58463d4d2627c3177d493bac23a00 (diff) | |
| download | NetworkManager-c39e03edbf8d2ce4dd49504229487d0a714e4b17.tar.gz | |
device: manage firewall zone for assumed persistent connections
After the fix in [1], if the connection is assumed we don't update its
firewall zone. The goal of that change was to prevent NM from
interfering with the configuration done externally on devices not
created by NM.
However if there is an assumed persistent connection active on the
device NM touches the configuration in other ways, for example it
configures DHCP and manages the default route. So it seems correct to
also update the firewall zone.
OTOH, if the connection is assumed-generated there is no persistent
connection specifying a firewall zone and updating it makes no sense.
Bug [1] was about not interfering with devices unknown to NM (for
which there is no persistent connection) and so this change should not
conflict with the previous fix.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1098281
https://bugzilla.redhat.com/show_bug.cgi?id=1366288
| -rw-r--r-- | src/devices/nm-device.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c index 693058e9ff..37ab0f26c9 100644 --- a/src/devices/nm-device.c +++ b/src/devices/nm-device.c @@ -7011,7 +7011,7 @@ nm_device_activate_schedule_stage3_ip_config_start (NMDevice *self) s_con = nm_connection_get_setting_connection (connection); if (!priv->fw_ready) { - if (nm_device_uses_assumed_connection (self)) + if (nm_device_uses_generated_assumed_connection (self)) priv->fw_ready = TRUE; else { if (!priv->fw_call) { @@ -10187,8 +10187,8 @@ nm_device_update_firewall_zone (NMDevice *self) return; s_con = nm_connection_get_setting_connection (applied_connection); - if ( nm_device_get_state (self) == NM_DEVICE_STATE_ACTIVATED - && !nm_device_uses_assumed_connection (self)) { + if ( nm_device_get_state (self) == NM_DEVICE_STATE_ACTIVATED + && !nm_device_uses_generated_assumed_connection (self)) { nm_firewall_manager_add_or_change_zone (nm_firewall_manager_get (), nm_device_get_ip_iface (self), nm_setting_connection_get_zone (s_con), @@ -10679,7 +10679,7 @@ _cleanup_generic_pre (NMDevice *self, CleanupType cleanup_type) connection = nm_device_get_applied_connection (self); if ( cleanup_type == CLEANUP_TYPE_DECONFIGURE && connection - && !nm_device_uses_assumed_connection (self)) { + && !nm_device_uses_generated_assumed_connection (self)) { nm_firewall_manager_remove_from_zone (nm_firewall_manager_get (), nm_device_get_ip_iface (self), NULL, @@ -11380,7 +11380,7 @@ _set_state_full (NMDevice *self, if ( applied_connection && priv->ifindex != priv->ip_ifindex - && !nm_device_uses_assumed_connection (self)) { + && !nm_device_uses_generated_assumed_connection (self)) { NMSettingConnection *s_con; const char *zone; |