Description of problem: If the default zone is changed and firewalld is reloaded, it would be useful to signal NM via D-BUS to update itself. Version-Release number of selected component (if applicable): firewalld-0.2.4-1.fc17 NetworkManager-0.9.3.995-0.6.git20120314.fc17 How reproducible: Every time Steps to Reproduce: 1. Change the default zone in firewalld.conf 2. Issue firewall-cmd --reload Actual results: firewalld is updated, but existing NM connections remain on the old default zone. Expected results: All interfaces that are relying on the default zone should be updated automatically. Additional info:
Good point, thanks. However I don't think we need to inform NM about this change because for NM nothing changes. NM only tracks that an interface is in "default" zone but doesn't care which zone is this "default", see 'nmcli -f NAME,ZONE con status'. I think firewalld itself should take care of this, i.e. when it is reloaded it should should change the zone the interface belongs to if it has been the default one.
Created attachment 575187 [details] update interfaces in default zone after reload (In reply to comment #1) > I think firewalld itself should take care of this, i.e. when it is reloaded it > should change the zone the interface belongs to if it has been the > default one. With this patch if the default zone changes, the interfaces from old default zone are moved to the new one. It's not perfect (see the comment inside), but I've had no other idea so far.
Created attachment 576536 [details] update interfaces in default zone after reload (In reply to comment #2) > With this patch if the default zone changes, the interfaces from old default > zone are moved to the new one. It's not perfect (see the comment inside), but > I've had no other idea so far. This one seems to be OK.
Fixed upstream: http://git.fedorahosted.org/git/?p=firewalld.git;a=commitdiff;h=8d9af943cf227a6bbff996ba44654077e719b9ad
firewalld-0.2.5-1.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/firewalld-0.2.5-1.fc17
Package firewalld-0.2.5-1.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing firewalld-0.2.5-1.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-6323/firewalld-0.2.5-1.fc17 then log in and leave karma (feedback).
firewalld-0.2.5-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.