2023-05-21 Fred Gleason <fredg@paravelsystems.com>

* Added a 'rivendell' service for firewalld(1). Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
2025-05-19 14:43:30 +02:00 · 2023-05-21 09:42:30 -04:00 · 2023-05-21 09:42:30 -04:00 · b9c2c8a9b6
commit b9c2c8a9b6
parent 7994f72c5b
6 changed files with 74 additions and 1 deletions
--- a/2
+++ b/2
@ -24054,3 +24054,5 @@
 2023-04-29 Fred Gleason <fredg@paravelsystems.com>
 	* Fixed a bug where a pending hard start with a non-zero grace time
 	was not cleared properly during a log chain event.
+2023-05-21 Fred Gleason <fredg@paravelsystems.com>
+	* Added a 'rivendell' service for firewalld(1).
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@ -1,6 +1,6 @@
 ## Makefile.am
 ##
-## (C) Copyright 2002-2022 Fred Gleason <fredg@paravelsystems.com>
+## (C) Copyright 2002-2023 Fred Gleason <fredg@paravelsystems.com>
 ##
 ##   This program is free software; you can redistribute it and/or modify
 ##   it under the terms of the GNU General Public License version 2 as
@ -23,18 +23,25 @@ install-exec-am:
 	cp rd-bin.conf $(DESTDIR)/$(sysconfdir)/
 	mkdir -p $(DESTDIR)/etc/pam.d
 	cp @RIVENDELL_PAM_FILE@ $(DESTDIR)/etc/pam.d/rivendell
+	mkdir -p $(DESTDIR)/usr/lib/firewalld/services
+	cp rivendell-firewalld.xml $(DESTDIR)/usr/lib/firewalld/services/rivendell.xml
+	./firewalld.sh reload

 uninstall:	
 	rm -f $(DESTDIR)/$(sysconfdir)/rd-bin.conf
 	rm -f $(DESTDIR)/etc/pam.d/rivendell
+	rm -f $(DESTDIR)/usr/lib/firewalld/services/rivendell.xml
+	./firewalld.sh reload

 EXTRA_DIST = asound.conf-sample\
+             firewalld.sh\
             logrotate-sample\
             rd-bin.conf.in\
             rd.conf-sample\
             rivendell-rhel.pam\
             rivendell-ubuntu.pam\
             rivendell-env.sh\
+             rivendell-firewalld.xml\
             rivendell-webapi.conf\
             syslog.conf-sample

--- a/conf/firewalld.sh
+++ b/conf/firewalld.sh
@ -0,0 +1,41 @@
+#!/bin/bash
+
+# firewalld.sh
+#
+#  Control firewalld
+#
+# (C) Copyright 2023 Fred Gleason <fredg@paravelsystems.com>
+#
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License version 2 as
+#   published by the Free Software Foundation.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free Software
+#   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
+OPERATION=$1
+
+if test $UID -eq 0 ; then
+    if test -z $FAKEROOTKEY ; then
+	if test $OPERATION = "reload" ; then
+	    /bin/systemctl reload firewalld
+	fi
+	if test $OPERATION = "add" ; then
+	    /bin/firewall-cmd --zone=public --add-service=rivendell --permanent
+	    /bin/firewall-cmd --zone=work --add-service=rivendell --permanent
+	    /bin/firewall-cmd --zone=home --add-service=rivendell --permanent
+	fi
+	if test $OPERATION = "remove" ; then
+	    /bin/firewall-cmd --zone=public --remove-service=rivendell --permanent
+	    /bin/firewall-cmd --zone=work --remove-service=rivendell --permanent
+	    /bin/firewall-cmd --zone=home --remove-service=rivendell --permanent
+	fi
+    fi
+fi
--- a/conf/rd.conf-sample
+++ b/conf/rd.conf-sample
@ -199,6 +199,11 @@ TranscodingDelay=0
 ; meters. You should only change this if you have another service
 ; using UDP Port numbers in the range MeterPortBaseNumber to
 ; (MeterPortBaseNumber + MeterPortRange) (extremely rare).
+;
+; N.B. If you change either of these meter port settings, be sure to update
+;      the firewalld(8) settings in '/usr/lib/firewalld/services/rivendell.xml'
+;      as well.
+;
 ; MeterPortBaseNumber=30000

 ; Maximum number of UDP Ports to consider for VU meters. You may need
--- a/conf/rivendell-firewalld.xml
+++ b/conf/rivendell-firewalld.xml
@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>Rivendell Radio Automation System</short>
+  <description>System for automating the capture, management and play-out of audio content.</description>
+  <port protocol="udp" port="2055"/>        <!-- Livewire GPIO Send -->
+  <port protocol="udp" port="2060"/>        <!-- Livewire GPIO Receive -->
+  <port protocol="udp" port="4001"/>        <!-- Livewire Adverts -->
+  <port protocol="tcp" port="5005"/>        <!-- IPC [caed(8)] -->
+  <port protocol="tcp" port="5006"/>        <!-- IPC [ripcd(8)] -->
+  <port protocol="udp" port="5858-5860"/>   <!-- RML [ripcd(8)] -->
+  <port protocol="udp" port="20539"/>       <!-- Mcast Notify [ripcd(8)] -->
+  <port protocol="udp" port="30000-30100"/> <!-- Meters [caed(8)] -->
+  <port protocol="tcp" port="34289"/>       <!-- PAD [ripcd(8)] -->
+</service>
--- a/rivendell.spec.in
+++ b/rivendell.spec.in
@ -274,6 +274,7 @@ if test ! -e /etc/rsyslog.d/rivendell.conf ; then
    cp @DOC_PATH@/syslog.conf-sample /etc/rsyslog.d/rivendell.conf
 fi
 /bin/systemctl restart rsyslog
+/bin/systemctl reload firewalld
 /usr/sbin/groupadd -r -g 151 pypad &>/dev/null || :
 /usr/sbin/useradd -o -u 151 -g pypad -s /bin/false -r -c "Rivendell PyPAD scripts" -d /dev/null pypad &>/dev/null || :
 exit 0
@ -298,6 +299,7 @@ if [ -x %{_bindir}/gtk-update-icon-cache ] ; then
  %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/hicolor || :
 fi
 /bin/systemctl daemon-reload
+/bin/systemctl reload firewalld


 %clean
@ -503,6 +505,8 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/rivendell/html/*
 %{_datadir}/rivendell/apis
 %{_datadir}/rivendell/manpages
+/usr/lib/firewalld/services/rivendell.xml
+

 %files webapi
 %{_libdir}/librivwebcapi.so.@INTERFACE_RIVWEBCAPI_MAJOR@