firewalld/SOURCES/0015-v1.2.0-fix-nftables-always-flush-main-table-on-start.patch

39 lines
1.5 KiB
Diff
Raw Permalink Normal View History

2024-03-27 19:39:57 +00:00
From 0704ea3fef79cc1532f913ac1598e297016e1905 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Thu, 10 Aug 2023 08:43:03 -0400
Subject: [PATCH 15/17] v1.2.0: fix(nftables): always flush main table on start
On start created_tables will not contain the main "firewalld" table so a
flush command is not issued. We should always attempt to flush. If
CleanupOnExit=no, then not flushing causes duplicate rules on restart.
Fixes: rhbz2222044
(cherry picked from commit 6a155ea7195f2c720625e2452afa41544b4b4227)
---
src/firewall/core/nftables.py | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
index 1959bdce73be..e3e06d75f663 100644
--- a/src/firewall/core/nftables.py
+++ b/src/firewall/core/nftables.py
@@ -427,13 +427,11 @@ class nftables(object):
self.policy_priority_counts = {}
self.zone_source_index_cache = {}
- rules = []
for family in ["inet", "ip", "ip6"]:
if TABLE_NAME in self.created_tables[family]:
- rules.append({"delete": {"table": {"family": family,
- "name": TABLE_NAME}}})
self.created_tables[family].remove(TABLE_NAME)
- return rules
+
+ return self._build_delete_table_rules(TABLE_NAME)
def _build_set_policy_rules_ct_rules(self, enable):
add_del = { True: "add", False: "delete" }[enable]
--
2.39.3