| commit | cbb15ab4921045abe0c36de112e719108eb9b294 | [log] [tgz] |
|---|---|---|
| author | William A. Kennington III <wak@google.com> | Fri Mar 12 18:19:01 2021 -0800 |
| committer | William A. Kennington III <wak@google.com> | Wed Mar 24 20:01:48 2021 +0000 |
| tree | 0463cc76fff8f6b502281f43f5a12d34ff468fa1 | |
| parent | 6714373f115a916f5bd61bd96824f06d657f7bb1 [diff] |
meta-google: nftables-systemd: Flush at start We don't want errors in loading previous rules to affect the state of the ruleset during restart. Change-Id: Ic122e971670d56022029f1155c1accdf129672d0 Signed-off-by: William A. Kennington III <wak@google.com>
diff --git a/meta-google/recipes-google/nftables/files/nft-configure.sh b/meta-google/recipes-google/nftables/files/nft-configure.sh index a82c282..05bb23d 100644 --- a/meta-google/recipes-google/nftables/files/nft-configure.sh +++ b/meta-google/recipes-google/nftables/files/nft-configure.sh
@@ -9,6 +9,7 @@ let i+=1 done rc=0 +nft flush ruleset || rc=$? for key in $(printf "%s\n" "${!basemap[@]}" | sort -r); do echo "Executing ${basemap[$key]}" >&2 nft -f "${basemap[$key]}" || rc=$?
diff --git a/meta-google/recipes-google/nftables/files/nftables.service b/meta-google/recipes-google/nftables/files/nftables.service index 79f0bb5..770a3d3 100644 --- a/meta-google/recipes-google/nftables/files/nftables.service +++ b/meta-google/recipes-google/nftables/files/nftables.service
@@ -5,7 +5,7 @@ Type=oneshot RemainAfterExit=yes ExecStart=/usr/libexec/nft-configure.sh -ExecStop=/bin/bash -c 'nft flush ruleset' +ExecStop=/usr/sbin/nft flush ruleset [Install] WantedBy=multi-user.target