Gitiles
Code Review Sign In
gerrit.openbmc.org / mdmillerii / openbmc / cbb15ab4921045abe0c36de112e719108eb9b294^! / . / meta-google / recipes-google / nftables / files / nftables.service
commitcbb15ab4921045abe0c36de112e719108eb9b294[log] [tgz]
authorWilliam A. Kennington III <wak@google.com>Fri Mar 12 18:19:01 2021 -0800
committerWilliam A. Kennington III <wak@google.com>Wed Mar 24 20:01:48 2021 +0000
tree0463cc76fff8f6b502281f43f5a12d34ff468fa1
parent6714373f115a916f5bd61bd96824f06d657f7bb1 [diff] [blame]
meta-google: nftables-systemd: Flush at start

We don't want errors in loading previous rules to affect the state of the
ruleset during restart.

Change-Id: Ic122e971670d56022029f1155c1accdf129672d0
Signed-off-by: William A. Kennington III <wak@google.com>

diff --git a/meta-google/recipes-google/nftables/files/nftables.service b/meta-google/recipes-google/nftables/files/nftables.service
index 79f0bb5..770a3d3 100644
--- a/meta-google/recipes-google/nftables/files/nftables.service
+++ b/meta-google/recipes-google/nftables/files/nftables.service

@@ -5,7 +5,7 @@
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/libexec/nft-configure.sh
-ExecStop=/bin/bash -c 'nft flush ruleset'
+ExecStop=/usr/sbin/nft flush ruleset
 
 [Install]
 WantedBy=multi-user.target