From: Eric Garver <eric@garver.life>
Date: Thu, 22 Sep 2022 15:13:22 +0000 (-0400)
Subject: network: firewalld: add zone for routed networks
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=722b012166ecb836719eef3dd86ceda8f6eb3d23;p=libvirt.git

network: firewalld: add zone for routed networks

This zone will be used for the routed network by default.

Note that this zone definition omits "forward" aka intra-zone
forwarding, because it requires firewalld >= 0.9.0.

Signed-off-by: Eric Garver <eric@garver.life>
Reviewed-by: Laine Stump <laine@redhat.com>
---

diff --git a/libvirt.spec.in b/libvirt.spec.in
index 0bbcdb8956..794dd43c59 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1914,6 +1914,7 @@ exit 0
 
 %if %{with_firewalld_zone}
 %{_prefix}/lib/firewalld/zones/libvirt.xml
+%{_prefix}/lib/firewalld/zones/libvirt-routed.xml
 %endif
 
 %files daemon-driver-nodedev
diff --git a/src/network/libvirt-routed.zone b/src/network/libvirt-routed.zone
new file mode 100644
index 0000000000..ed7dd936a2
--- /dev/null
+++ b/src/network/libvirt-routed.zone
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone>
+  <short>libvirt-routed</short>
+
+  <description>
+    This zone is intended to be used only by routed libvirt virtual networks -
+    libvirt will add the bridge devices for all new virtual networks to this
+    zone by default.
+  </description>
+</zone>
diff --git a/src/network/meson.build b/src/network/meson.build
index d5f9ba2254..a38dc147ac 100644
--- a/src/network/meson.build
+++ b/src/network/meson.build
@@ -101,5 +101,10 @@ if conf.has('WITH_NETWORK')
       install_dir: prefix / 'lib' / 'firewalld' / 'zones',
       rename: [ 'libvirt.xml' ],
     )
+    install_data(
+      'libvirt-routed.zone',
+      install_dir: prefix / 'lib' / 'firewalld' / 'zones',
+      rename: [ 'libvirt-routed.xml' ],
+    )
   endif
 endif