From 3f62620b7fe6281c734abb09081976a49594b7d9 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Mon, 7 Jul 2014 19:16:42 +0200
Subject: [PATCH] - Added Fedora server zone with cockpit enabled
 (RHBZ#1110711) - Added Fedora workstation zone(RHBZ#1113775)

---
 fedora-server.xml      |  8 ++++++++
 fedora-workstation.xml | 10 ++++++++++
 firewalld.spec         |  8 ++++++++
 3 files changed, 26 insertions(+)
 create mode 100644 fedora-server.xml
 create mode 100644 fedora-workstation.xml

diff --git a/fedora-server.xml b/fedora-server.xml
new file mode 100644
index 0000000..617e131
--- /dev/null
+++ b/fedora-server.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone>
+  <short>Public</short>
+  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
+  <service name="ssh"/>
+  <service name="dhcpv6-client"/>
+  <service name="cockpit"/>
+</zone>
diff --git a/fedora-workstation.xml b/fedora-workstation.xml
new file mode 100644
index 0000000..d29d550
--- /dev/null
+++ b/fedora-workstation.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone>
+  <short>Fedora Workstation</short>
+  <description>Unsolicited incoming network packets are rejected from port 1 to 1024, except for select network services. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.</description>
+  <service name="dhcpv6-client"/>
+  <service name="ssh"/>
+  <service name="samba-client"/>
+  <port protocol="udp" port="1025-65535"/>
+  <port protocol="tcp" port="1025-65535"/>
+</zone>
diff --git a/firewalld.spec b/firewalld.spec
index 1759d6f..0f58e80 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -6,6 +6,8 @@ URL: http://fedorahosted.org/firewalld
 License: GPLv2+
 Source0: https://fedorahosted.org/released/firewalld/%{name}-%{version}.tar.bz2
 %if 0%{?fedora}
+Source1: fedora-server.xml
+Source2: fedora-workstation.xml
 Patch0: firewalld-0.2.6-MDNS-default.patch
 %endif
 BuildArch: noarch
@@ -108,6 +110,10 @@ desktop-file-install --delete-original \
   --dir %{buildroot}%{_datadir}/applications \
   %{buildroot}%{_datadir}/applications/firewall-config.desktop
 
+install -d -m 755 %{buildroot}%{_prefix}/lib/firewalld/zones/
+install -c -m 644 %{SOURCE1} %{buildroot}%{_prefix}/lib/firewalld/zones/fedora-server.xml
+install -c -m 644 %{SOURCE2} %{buildroot}%{_prefix}/lib/firewalld/zones/fedora-workstation.xml
+
 %if 0%{?fedora} > 20
 # standard firewalld.conf
 mv %{buildroot}%{_sysconfdir}/firewalld/firewalld.conf \
@@ -297,6 +303,8 @@ fi
 * Mon Jul  7 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.10-3
 - New support for Fedora per-product configuration settings for Fedora.next
   https://fedoraproject.org/wiki/Per-Product_Configuration_Packaging_Draft
+- Added Fedora server zone (RHBZ#1110711)
+- Added Fedora workstation zone(RHBZ#1113775)
 
 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.10-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild