meta-google: nftables: Make rule loading atomic This ensures that all of the rules are processed and unexpected packets are not allowed or blocked by the kernel at any time. Change-Id: Ia7bb1d7f604f8ed1bd9759a23e370d20cb0c690d Signed-off-by: William A. Kennington III <wak@google.com>

commit: 7356f8ebcb6b0e4c06018c748b7c5771b41e007e [log] [tgz]
author: William A. Kennington III <wak@google.com> Wed Dec 15 02:21:52 2021 -0800
committer: William A. Kennington III <wak@google.com> Wed Dec 15 23:56:47 2021 +0000
tree: b25eb5ca71f9040d838b5276144e32d616315d91
parent: bdccd86cc18f9dba43fb488797f91d941035254f [diff] [blame]
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-deprecated-ips.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-deprecated-ips.sh.in
index 677ef28..9d9f789 100644
--- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-deprecated-ips.sh.in
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-deprecated-ips.sh.in

@@ -88,7 +88,7 @@
   else
     printf '%s' "$nfcontents" >"$rfile"
   fi
-  systemctl reset-failed nftables && systemctl --no-block restart nftables || true
+  systemctl reset-failed nftables && systemctl --no-block reload-or-restart nftables || true
 }
 
 gbmc_ncsi_br_deprecated_ips_hook() {
commit	7356f8ebcb6b0e4c06018c748b7c5771b41e007e	[log] [tgz]
author	William A. Kennington III <wak@google.com>	Wed Dec 15 02:21:52 2021 -0800
committer	William A. Kennington III <wak@google.com>	Wed Dec 15 23:56:47 2021 +0000
tree	b25eb5ca71f9040d838b5276144e32d616315d91
parent	bdccd86cc18f9dba43fb488797f91d941035254f [diff] [blame]