From 6a155ea7195f2c720625e2452afa41544b4b4227 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Thu, 10 Aug 2023 08:43:03 -0400
Subject: [PATCH] fix(nftables): always flush main table on start
|
|
|
|
On start created_tables will not contain the main "firewalld" table so a
flush command is not issued. We should always attempt to flush. If
CleanupOnExit=no, then not flushing causes duplicate rules on restart.
|
|
|
|
Fixes: rhbz2222044
|
|
|
|
Conflict: NA
Reference: https://github.com/firewalld/firewalld/commit/6a155ea7195f2c720625e2452afa41544b4b4227
|
|
|
|
---
src/firewall/core/nftables.py | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
|
|
|
|
diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
index 975f1fa..f7f5bb0 100644
--- a/src/firewall/core/nftables.py
+++ b/src/firewall/core/nftables.py
@@ -410,12 +410,9 @@ class nftables(object):
|
|
self.policy_priority_counts = {}
|
|
self.zone_source_index_cache = {}
|
|
|
|
- rules = []
|
|
if TABLE_NAME in self.created_tables["inet"]:
|
|
- rules.append({"delete": {"table": {"family": "inet",
|
|
- "name": TABLE_NAME}}})
|
|
self.created_tables["inet"].remove(TABLE_NAME)
|
|
- return rules
|
|
+ return self._build_delete_table_rules(TABLE_NAME)
|
|
|
|
def _build_set_policy_rules_ct_rules(self, enable):
|
|
add_del = { True: "add", False: "delete" }[enable]
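Review bot: The delete now runs unconditionally while the `created_tables` check only gates the bookkeeping, and nothing in the hunk says why; a later reader is likely to fold the `return` back under the `if`, which is exactly the restart bug this fixes. I would add above the `if` a comment such as `# Always issue the delete: after a restart with CleanupOnExit=no the table exists in the kernel but is not in created_tables, and leaving it alive keeps stale rules (including ones since removed from the config) in effect.` Two things this patch does not let me confirm and that a backport should check: that `_build_delete_table_rules` exists in the tree being patched (it is neither defined nor modified here), and that it tolerates the table being absent on a clean boot, since a bare delete of a nonexistent nft table fails. The enclosing method starts before the hunk, and `_build_set_policy_rules_ct_rules` continues past it.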
|
|
--
2.33.0