network: firewalld: add zone for routed networks

This zone will be used for the routed network by default.

Note that this zone definition omits "forward" aka intra-zone
forwarding, because it requires firewalld >= 0.9.0.

Signed-off-by: Eric Garver <eric@garver.life>
Reviewed-by: Laine Stump <laine@redhat.com>

libvirt.spec.in

@@ -1914,6 +1914,7 @@ exit 0
 
 %if %{with_firewalld_zone}
 %{_prefix}/lib/firewalld/zones/libvirt.xml
+%{_prefix}/lib/firewalld/zones/libvirt-routed.xml
 %endif
 
 %files daemon-driver-nodedev

src/network/libvirt-routed.zone

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone>
+  <short>libvirt-routed</short>
+
+  <description>
+    This zone is intended to be used only by routed libvirt virtual networks -
+    libvirt will add the bridge devices for all new virtual networks to this
+    zone by default.
+  </description>
+</zone>

src/network/meson.build

@@ -101,5 +101,10 @@ if conf.has('WITH_NETWORK')
       install_dir: prefix / 'lib' / 'firewalld' / 'zones',
       rename: [ 'libvirt.xml' ],
     )
+    install_data(
+      'libvirt-routed.zone',
+      install_dir: prefix / 'lib' / 'firewalld' / 'zones',
+      rename: [ 'libvirt-routed.xml' ],
+    )
   endif
 endif