diff --git a/libnetwork/iptables/firewalld.go b/libnetwork/iptables/firewalld.go
index e9fa0bf6b6..a09d78e7f5 100644
--- a/libnetwork/iptables/firewalld.go
+++ b/libnetwork/iptables/firewalld.go
@@ -268,16 +268,16 @@ func (fwd *firewalldConnection) setupDockerZone() error {
 return nil
 }
-// AddInterfaceFirewalld adds the interface to the trusted zone. It is a
-// no-op if firewalld is not running.
-func AddInterfaceFirewalld(intf string) error {
- if !firewalld.isRunning() {
+// addInterface adds the interface to the trusted zone. It is a no-op if
+// firewalld is not running or firewalldConnection not initialized.
+func (fwd *firewalldConnection) addInterface(intf string) error {
+ if !fwd.isRunning() {
 return nil
 }
 var intfs []string
 // Check if interface is already added to the zone
- if err := firewalld.sysObj.Call(dbusInterface+".zone.getInterfaces", 0, dockerZone).Store(&intfs); err != nil {
+ if err := fwd.sysObj.Call(dbusInterface+".zone.getInterfaces", 0, dockerZone).Store(&intfs); err != nil {
 return err
 }
 // Return if interface is already part of the zone
@@ -288,16 +288,16 @@ func AddInterfaceFirewalld(intf string) error {
 log.G(context.TODO()).Debugf("Firewalld: adding %s interface to %s zone", intf, dockerZone)
 // Runtime
- if err := firewalld.sysObj.Call(dbusInterface+".zone.addInterface", 0, dockerZone, intf).Err; err != nil {
+ if err := fwd.sysObj.Call(dbusInterface+".zone.addInterface", 0, dockerZone, intf).Err; err != nil {
 return err
 }
 return nil
 }
-// DelInterfaceFirewalld removes the interface from the trusted zone It is a
-// no-op if firewalld is not running.
-func DelInterfaceFirewalld(intf string) error {
- if !firewalld.isRunning() {
+// delInterface removes the interface from the trusted zone It is a no-op if
+// firewalld is not running or firewalldConnection not initialized.
+func (fwd *firewalldConnection) delInterface(intf string) error {
+ if !fwd.isRunning() {
 return nil
 }
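Review bot: The doc comment on `addInterface` still says the interface is added to the "trusted zone", while the body passes `dockerZone` to both `zone.getInterfaces` and `zone.addInterface`; the zone an interface is bound to decides which firewalld policy applies to its traffic, so the comment should name the zone the code uses. The value of `dockerZone` is not visible in this diff, so confirm it, then reword along the lines of `// addInterface adds the interface to the firewalld zone named by dockerZone. It is a no-op if`. The same wording is carried into the `delInterface` comment in the next hunk (which also lacks a period before "It is") and into the exported `AddInterfaceFirewalld`/`DelInterfaceFirewalld` wrappers re-added in the hunk at line 319. The bodies of both methods continue outside the hunks shown.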
@@ -319,6 +319,18 @@ func DelInterfaceFirewalld(intf string) error {
 return nil
 }
+// AddInterfaceFirewalld adds the interface to the trusted zone. It is a
+// no-op if firewalld is not running.
+func AddInterfaceFirewalld(intf string) error {
+ return firewalld.addInterface(intf)
+}
+
+// DelInterfaceFirewalld removes the interface from the trusted zone It is a
+// no-op if firewalld is not running.
+func DelInterfaceFirewalld(intf string) error {
+ return firewalld.delInterface(intf)
+}
+
 type interfaceNotFound struct{ error }
 func (interfaceNotFound) NotFound() {}
diff --git a/libnetwork/iptables/firewalld_test.go b/libnetwork/iptables/firewalld_test.go
index d715d19f81..62490153a0 100644
--- a/libnetwork/iptables/firewalld_test.go
+++ b/libnetwork/iptables/firewalld_test.go
@@ -112,4 +112,12 @@ func TestFirewalldUninitialized(t *testing.T) {
 if fwd.isRunning() {
 t.Error("did not expect an uninitialized firewalldConnection to be running")
 }
+ err := fwd.addInterface("anything")
+ if err != nil {
+ t.Errorf("unexpected error when calling addInterface on an uninitialized firewalldConnection: %v", err)
+ }
+ err = fwd.delInterface("anything")
+ if err != nil {
+ t.Errorf("unexpected error when calling delInterface on an uninitialized firewalldConnection: %v", err)
+ }
 }
diff --git a/libnetwork/iptables/iptables.go b/libnetwork/iptables/iptables.go
index 4483a2cf38..7a5cfcf1f1 100644
--- a/libnetwork/iptables/iptables.go
+++ b/libnetwork/iptables/iptables.go
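Review bot: In firewalld.go, the re-added `AddInterfaceFirewalld` and `DelInterfaceFirewalld` call methods on the package-level `firewalld` value with no check of their own, so they depend entirely on `isRunning()` returning false before `fwd.sysObj` is used. `isRunning` lies outside this diff, and although the added test in firewalld_test.go exercises the uninitialized case, how `fwd` is constructed there is not visible. I would record the invariant on the guard inside `addInterface` and `delInterface`, e.g. `// fwd may be uninitialized; isRunning must remain the first check, before any use of fwd.sysObj.` The wrapper comments should also mention the uninitialized case, as the method comments now do.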
@@ -206,11 +206,11 @@ func (iptable IPTable) ProgramChain(c *ChainInfo, bridgeName string, hairpinMode
 // Either add or remove the interface from the firewalld zone, if firewalld is running.
 if enable {
- if err := AddInterfaceFirewalld(bridgeName); err != nil {
+ if err := firewalld.addInterface(bridgeName); err != nil {
 return err
 }
 } else {
- if err := DelInterfaceFirewalld(bridgeName); err != nil && !errdefs.IsNotFound(err) {
+ if err := firewalld.delInterface(bridgeName); err != nil && !errdefs.IsNotFound(err) {
 return err
 }
 }