Change drop action

The new firewall rule action plugin was setting the rule state as absent when using the drop "action", this change updates that so we're adding drop rules and appending them to the rule chain. Change-Id: I5105c007d890ec98b34eafba3ab410bf9ba4f089 Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-12-18 08:35:50 -06:00 · 2019-12-18 08:35:50 -06:00 · 8f11437b1c
parent 4b55d53ba3
commit 8f11437b1c
1 changed files with 4 additions and 3 deletions
--- a/tripleo_ansible/ansible_plugins/action/tripleo_iptables.py
+++ b/tripleo_ansible/ansible_plugins/action/tripleo_iptables.py
@ -177,11 +177,12 @@ class ActionModule(ActionBase):

            action = rule_data['action'] = rule.get('action', 'insert')
            if action == 'drop':
-                rule_data['action'] = 'insert'
-                rule_data['state'] = 'absent'
+                rule_data['action'] = 'append'
+                rule_data['jump'] = rule.get('jump', 'DROP')
+            else:
+                rule_data['jump'] = rule.get('jump', 'ACCEPT')

            rule_data['chain'] = rule.get('chain', 'INPUT')
-            rule_data['jump'] = rule.get('jump', 'ACCEPT')
            rule_data['protocol'] = rule.get('proto', 'tcp')
            if 'table' in rule:
                rule_data['table'] = rule['table']