add firewalld rule

2025-02-23 17:42:47 +00:00 · 2020-12-05 09:52:59 +00:00 · 2020-12-05 09:52:59 +00:00 · bb0a39dbbc
commit bb0a39dbbc
parent 1574ae261d
2 changed files with 12 additions and 0 deletions
--- a/docker-zone.xml
+++ b/docker-zone.xml
@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone target="ACCEPT">
+  <short>docker</short>
+  <description>All network connections are accepted.</description>
+  <interface name="docker0"/>
+</zone>
--- a/docker.spec
+++ b/docker.spec
@ -23,6 +23,7 @@ Source0:	https://github.com/docker/docker-ce/archive/v%{version}.tar.gz?/%{name}
 Source1:	%{name}.service
 Source2:	%{name}.sysconfig
 Source3:	%{name}-storage.sysconfig
+Source5:	docker-zone.xml
 Source6:	%{name}-network.sysconfig
 Source7:	%{name}.socket
 Source8:	%{name}-network-cleanup.sh
@ -82,6 +83,7 @@ servers, OpenStack clusters, public instances, or combinations of the above.
 %dir %{_localstatedir}/lib/%{name}
 %{_udevrulesdir}/80-%{name}.rules
 %{_sysconfdir}/modules-load.d/overlay.conf
+%{_prefix}/lib/firewalld/zones/docker.xml

 %pre
 getent group %{name} > /dev/null || %{_sbindir}/groupadd -r %{name}
@ -243,6 +245,10 @@ install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/%{name}-storag
 install -d %{buildroot}%{_sbindir}
 install -p -m 755 %{SOURCE8} %{buildroot}%{_sbindir}/%{name}-network-cleanup

+# add firewalld zone (cf #1817022)
+install -dp %{buildroot}%{_prefix}/lib/firewalld/zones
+install -p -m 644 %{SOURCE5} %{buildroot}%{_prefix}/lib/firewalld/zones/docker.xml
+
 install -d %{buildroot}%{_presetdir}
 cat > %{buildroot}%{_presetdir}/86-%{name}.preset << EOF
 enable %{name}.socket