Merge "We don't need the final drop rule anymore"

2022-09-30 18:51:06 +00:00 · 2022-09-30 18:51:06 +00:00 · 2fb7c2c7e2
commit 2fb7c2c7e2
parent fcac9a74e0 859016ae58
3 changed files with 7 additions and 9 deletions
--- a/tripleo_ansible/roles/tripleo_firewall/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo_firewall/defaults/main.yml
@ -71,7 +71,7 @@ tripleo_firewall_default_rules:
    state:
      - NEW
    destination: 'fe80::/64'
-  '998 log all':
+  '999 log all':
    proto: all
    jump: LOG
    limit: 20/min
@ -80,6 +80,3 @@ tripleo_firewall_default_rules:
    nft_flags: 'all'
    nft_prefix: 'DROPPING: '
    state: []
-  '999 drop all':
-    proto: all
-    action: drop
--- a/tripleo_ansible/roles/tripleo_firewall/molecule/nftables/converge.yml
+++ b/tripleo_ansible/roles/tripleo_firewall/molecule/nftables/converge.yml
@ -20,3 +20,8 @@
  roles:
    - role: "tripleo_firewall"
      tripleo_firewall_engine: 'nftables'
+  tasks:
+    - name: Clean everything nftables related
+      import_role:
+        name: tripleo_nftables
+        tasks_from: cleanup.yaml
--- a/tripleo_ansible/roles/tripleo_nftables/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo_nftables/defaults/main.yml
@ -58,8 +58,4 @@ tripleo_nftables_rules:
      flags: 'all'
      prefix: 'DROPPING: '
      state: []
-    rule_name: 998 log all
-  - rule:
-      action: drop
-      proto: all
-    rule_name: 999 drop all
+    rule_name: 999 log all