diff options
| author | Beniamino Galvani <bgalvani@redhat.com> | 2020-05-05 10:54:10 +0200 |
|---|---|---|
| committer | Beniamino Galvani <bgalvani@redhat.com> | 2020-05-06 11:40:41 +0200 |
| commit | 426f0b60ec12dab0b1df12b44e598a62c943c94c (patch) | |
| tree | 88bfe075387df2a96e41efd9513328990525f779 /data | |
| parent | 05fd2a9272faf8a57116d1624e1a32b4aa9f2994 (diff) | |
| download | NetworkManager-bg/shared-firewalld.tar.gz | |
core: install a firewalld zone for connection sharingbg/shared-firewalld
https://bugzilla.redhat.com/show_bug.cgi?id=1829637
Diffstat (limited to 'data')
| -rw-r--r-- | data/meson.build | 7 | ||||
| -rw-r--r-- | data/nm-shared.xml | 20 |
2 files changed, 27 insertions, 0 deletions
diff --git a/data/meson.build b/data/meson.build index de08c91c62..b713a03c5a 100644 --- a/data/meson.build +++ b/data/meson.build @@ -67,3 +67,10 @@ if enable_polkit install_dir: polkit_gobject_policydir, ) endif + +if enable_firewalld_zone + install_data( + 'nm-shared.xml', + install_dir: join_paths(nm_prefix, 'lib', 'firewalld', 'zones') + ) +endif diff --git a/data/nm-shared.xml b/data/nm-shared.xml new file mode 100644 index 0000000000..25e9cd8636 --- /dev/null +++ b/data/nm-shared.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="utf-8"?> +<zone target="ACCEPT"> + <short>NM Shared</short> + + <description> + Zone for NetworkManager connection sharing. Block all traffic to + the local machine except ICMPv6, DHCP, ICMPv6 and DNS. Allow all + forwarded traffic. + </description> + + <rule priority='32767'> + <reject/> + </rule> + + <protocol value='icmp'/> + <protocol value='ipv6-icmp'/> + <service name="dhcp"/> + <service name="dns"/> + <masquerade/> +</zone> |