Fix up puppet dependencies for firewall rules
Ensure that the custom firewall chains are present before trying to flush them. This requires that we remove what we believe is an unnecessary depencency between the custom firewall chains/rules and the normal puppet-configured firewall chains/rules. Change-Id: I939c6fecbf4b4fa3d4821025efd96d715f06eb1b Story: 2002843 Task: 22791 Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
This commit is contained in:
parent
b8bb709f18
commit
93db17d455
@ -264,6 +264,10 @@ class platform::firewall::custom (
|
|||||||
'ipv4' => 'iptables-restore',
|
'ipv4' => 'iptables-restore',
|
||||||
'ipv6' => 'ip6tables-restore'}
|
'ipv6' => 'ip6tables-restore'}
|
||||||
|
|
||||||
|
platform::firewall::hooks { '::platform:firewall:hooks':
|
||||||
|
version => $version,
|
||||||
|
} ->
|
||||||
|
|
||||||
exec { 'Flush firewall custom pre rules':
|
exec { 'Flush firewall custom pre rules':
|
||||||
command => "iptables --flush INPUT-custom-pre",
|
command => "iptables --flush INPUT-custom-pre",
|
||||||
} ->
|
} ->
|
||||||
@ -334,17 +338,10 @@ class platform::firewall::oam (
|
|||||||
|
|
||||||
if $rules_file {
|
if $rules_file {
|
||||||
|
|
||||||
platform::firewall::hooks { '::platform:firewall:hooks':
|
|
||||||
version => $version,
|
|
||||||
}
|
|
||||||
|
|
||||||
class { '::platform::firewall::custom':
|
class { '::platform::firewall::custom':
|
||||||
version => $version,
|
version => $version,
|
||||||
rules_file => $rules_file,
|
rules_file => $rules_file,
|
||||||
}
|
}
|
||||||
|
|
||||||
# ensure custom rules are applied before system rules
|
|
||||||
Class['::platform::firewall::custom'] -> Firewall <| |>
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user