From 46b6cc4f766a86d283bc5c2020f4cbe3bbca1f11 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka <mnasiadka@gmail.com>
Date: Fri, 21 Nov 2025 09:31:20 +0100
Subject: [PATCH] nodepool-base: Mask firewalld unit

Rocky9/10 in OpenDev seems to use firewalld instead of iptables.service

iptables.service enablement doesn't seem to work if firewalld.service
is enabled as well

Change-Id: I1d6feb0de26e2cf5ed75a619b81e97a6d66da090
Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>
---
 dib-elements/nodepool-base/post-install.d/20-iptables | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dib-elements/nodepool-base/post-install.d/20-iptables b/dib-elements/nodepool-base/post-install.d/20-iptables
index c0bad29..2e03253 100755
--- a/dib-elements/nodepool-base/post-install.d/20-iptables
+++ b/dib-elements/nodepool-base/post-install.d/20-iptables
@@ -40,6 +40,8 @@ case "$DIB_INIT_SYSTEM" in
         # nothing to do
         ;;
     systemd)
+        # Make sure firewalld is masked and won't be started
+        systemctl mask firewalld.service
         if [[ "$DISTRO_NAME" == 'gentoo' ]] ; then
             for service in ${service_name}; do
                 systemctl enable "${service}-restore.service"