--- trunk/qemu-networking/qemu-networking.in	2014/03/04 10:12:48	2594
+++ trunk/qemu-networking/qemu-networking.in	2014/03/04 10:15:02	2595
@@ -35,6 +35,16 @@
 		return 1
 	fi
 
+	if systemctl --quiet is-active firewalld
+	then
+		if [ ! -x $(type -P firewall-cmd) ]
+		then
+			logger -s -p daemon.err -t qemu-networking.service \
+				"No 'firewall-cmd' executable found, please install 'net-misc/firewalld'"
+			return 1
+		fi
+	fi
+
 	return 0
 }
 
@@ -47,15 +57,27 @@
 		ifconfig ${TAPDEV} ${VMROUTERIP} up
 
 		# maquerade and forward
-		sysctl -q -w net.ipv4.ip_forward=1
-		iptables -t nat -A POSTROUTING -s ${VMNETWORK} -o ${BRIDGEDEV} -j MASQUERADE
+		if systemctl --quiet is-active firewalld
+		then
+			zone="$(firewall-cmd --get-zone-of-interface ${BRIDGEDEV})"
+			firewall-cmd --quiet --zone="${zone}" --add-masquerade
+		else
+			sysctl -q -w net.ipv4.ip_forward=1
+			iptables -t nat -A POSTROUTING -s ${VMNETWORK} -o ${BRIDGEDEV} -j MASQUERADE
+		fi
 		;;
 
 	stop)
 		checkconfig || exit 6
 
 		# masquerade and forward
-		iptables -t nat -D POSTROUTING -s ${VMNETWORK} -o ${BRIDGEDEV} -j MASQUERADE
+		if systemctl --quiet is-active firewalld
+		then
+			zone="$(firewall-cmd --get-zone-of-interface ${BRIDGEDEV})"
+			firewall-cmd --quiet --zone="${zone}" --remove-masquerade
+		else
+			iptables -t nat -D POSTROUTING -s ${VMNETWORK} -o ${BRIDGEDEV} -j MASQUERADE
+		fi
 
 		# destroy interface
 		ifconfig ${TAPDEV} down