Merge pull request #46304 from thaJeztah/libnetwork_add_del_checkfirewalld
libnetwork/iptables: (Add|Del)InterfaceFirewalld: check firewalld status
This commit is contained in:
Sebastiaan van Stijn
GitHub
commit
713066accc
2 changed files with 20 additions and 12 deletions
|
|
@ -243,8 +243,13 @@ func setupDockerZone() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// AddInterfaceFirewalld adds the interface to the trusted zone
|
||||
// AddInterfaceFirewalld adds the interface to the trusted zone. It is a
|
||||
// no-op if firewalld is not running.
|
||||
func AddInterfaceFirewalld(intf string) error {
|
||||
if !firewalldRunning {
|
||||
return nil
|
||||
}
|
||||
|
||||
var intfs []string
|
||||
// Check if interface is already added to the zone
|
||||
if err := connection.sysObj.Call(dbusInterface+".zone.getInterfaces", 0, dockerZone).Store(&intfs); err != nil {
|
||||
|
|
@ -264,8 +269,13 @@ func AddInterfaceFirewalld(intf string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// DelInterfaceFirewalld removes the interface from the trusted zone
|
||||
// DelInterfaceFirewalld removes the interface from the trusted zone It is a
|
||||
// no-op if firewalld is not running.
|
||||
func DelInterfaceFirewalld(intf string) error {
|
||||
if !firewalldRunning {
|
||||
return nil
|
||||
}
|
||||
|
||||
var intfs []string
|
||||
// Check if interface is part of the zone
|
||||
if err := connection.sysObj.Call(dbusInterface+".zone.getInterfaces", 0, dockerZone).Store(&intfs); err != nil {
|
||||
|
|
|
|||
|
|
@ -203,16 +203,14 @@ func (iptable IPTable) ProgramChain(c *ChainInfo, bridgeName string, hairpinMode
|
|||
return errors.New("could not program chain, missing chain name")
|
||||
}
|
||||
|
||||
// Either add or remove the interface from the firewalld zone
|
||||
if firewalldRunning {
|
||||
if enable {
|
||||
if err := AddInterfaceFirewalld(bridgeName); err != nil {
|
||||
return err
|
||||
}
|
||||
} else {
|
||||
if err := DelInterfaceFirewalld(bridgeName); err != nil && !errdefs.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
// Either add or remove the interface from the firewalld zone, if firewalld is running.
|
||||
if enable {
|
||||
if err := AddInterfaceFirewalld(bridgeName); err != nil {
|
||||
return err
|
||||
}
|
||||
} else {
|
||||
if err := DelInterfaceFirewalld(bridgeName); err != nil && !errdefs.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue