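#!/bin/sh
#
# Assign a network interface to a firewalld zone chosen by per-zone
# "trigger" executables.
#
# Usage:
#   <script>                 re-run this script as "<script> IFACE up" for
#                            every interface reported UP, then show the most
#                            recent matching lines from /var/log/messages
#   <script> IFACE ACTION    when ACTION is "up", run every executable
#                            /etc/firewalld/zones/<zone>/trigger with IFACE;
#                            if exactly one exits 0, move IFACE to that zone
#
# All output of the two-argument form goes to syslog via logger(1).
#
# NOTE(review): the trigger files are executed with this script's privileges
# (presumably root when called from a network dispatcher hook; confirm).
# /etc/firewalld/zones and every trigger file should therefore be owned by
# root and not writable by anyone else.

if [ "$#" -eq 0 ]; then
    # Convenience functionality to set firewall zone for all
    # active interfaces. The second ':'-separated field of an "ip addr show"
    # header line is the interface name, with a leading space.
    UP=$(ip addr show | grep ' UP ' | cut -d: -f2)
    # Left unquoted on purpose: word splitting strips the leading space and
    # yields one interface name per iteration.
    for interface in ${UP}; do
        # ip prints linked devices as "name@peer"; only "name" is the
        # interface name.
        "$0" "${interface%%@*}" up
    done
    # -F: the script path is a literal string, not a regular expression.
    grep -F -- "$0" /var/log/messages | tail
    exit
fi

(
ZONE=
# "=" is the POSIX string comparison; "==" is not guaranteed under /bin/sh.
if [ "$2" = "up" ]; then
    for zone in /etc/firewalld/zones/*; do
        # Test the trigger of the zone being examined (the original tested
        # the unset variable $p, i.e. the path /trigger).
        if [ -x "${zone}/trigger" ]; then
            "${zone}/trigger" "$1"
            RES=$?
            if [ "${RES}" -eq 0 ]; then
                if [ -z "${ZONE}" ]; then
                    ZONE=${zone##*/}
                else
                    # Ambiguous match: leave the interface where it is.
                    # This exits the subshell only.
                    echo "$1 belongs to multiple zones"
                    exit 1
                fi
            fi
        fi
    done
    if [ -n "${ZONE}" ]; then
        echo "Moving $1 to zone ${ZONE}"
        # The option=value form keeps an odd interface name from being
        # parsed as a separate option.
        /usr/bin/firewall-cmd --zone="${ZONE}" --change-interface="$1"
        /usr/bin/firewall-cmd --get-active-zones
    fi
fi
) 2>&1 | logger -t "$0"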