39 lines
1.5 KiB
Diff
39 lines
1.5 KiB
Diff
From 0704ea3fef79cc1532f913ac1598e297016e1905 Mon Sep 17 00:00:00 2001
|
|
From: Eric Garver <eric@garver.life>
|
|
Date: Thu, 10 Aug 2023 08:43:03 -0400
|
|
Subject: [PATCH 15/17] v1.2.0: fix(nftables): always flush main table on start
|
|
|
|
On start created_tables will not contain the main "firewalld" table so a
|
|
flush command is not issued. We should always attempt to flush. If
|
|
CleanupOnExit=no, then not flushing causes duplicate rules on restart.
|
|
|
|
Fixes: rhbz2222044
|
|
(cherry picked from commit 6a155ea7195f2c720625e2452afa41544b4b4227)
|
|
---
|
|
src/firewall/core/nftables.py | 6 ++----
|
|
1 file changed, 2 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
|
|
index 1959bdce73be..e3e06d75f663 100644
|
|
--- a/src/firewall/core/nftables.py
|
|
+++ b/src/firewall/core/nftables.py
|
|
@@ -427,13 +427,11 @@ class nftables(object):
|
|
self.policy_priority_counts = {}
|
|
self.zone_source_index_cache = {}
|
|
|
|
- rules = []
|
|
for family in ["inet", "ip", "ip6"]:
|
|
if TABLE_NAME in self.created_tables[family]:
|
|
- rules.append({"delete": {"table": {"family": family,
|
|
- "name": TABLE_NAME}}})
|
|
self.created_tables[family].remove(TABLE_NAME)
|
|
- return rules
|
|
+
|
|
+ return self._build_delete_table_rules(TABLE_NAME)
|
|
|
|
def _build_set_policy_rules_ct_rules(self, enable):
|
|
add_del = { True: "add", False: "delete" }[enable]
|
|
--
|
|
2.39.3
|
|
|