Fix up puppet dependencies for firewall rules

Ensure that the custom firewall chains are present before trying to flush them. This requires that we remove what we believe is an unnecessary depencency between the custom firewall chains/rules and the normal puppet-configured firewall chains/rules. Change-Id: I939c6fecbf4b4fa3d4821025efd96d715f06eb1b Story: 2002843 Task: 22791 Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
2018-11-28 14:22:34 -06:00 · 2018-11-28 14:22:34 -06:00 · 93db17d455
parent b8bb709f18
commit 93db17d455
1 changed files with 4 additions and 7 deletions
--- a/puppet-manifests/src/modules/platform/manifests/firewall.pp
+++ b/puppet-manifests/src/modules/platform/manifests/firewall.pp
@ -264,6 +264,10 @@ class platform::firewall::custom (
    'ipv4' => 'iptables-restore',
    'ipv6' => 'ip6tables-restore'}

+  platform::firewall::hooks { '::platform:firewall:hooks':
+    version => $version,
+  } ->
+
  exec { 'Flush firewall custom pre rules':
    command => "iptables --flush INPUT-custom-pre",
  } ->
@ -334,17 +338,10 @@ class platform::firewall::oam (

  if $rules_file {

-    platform::firewall::hooks { '::platform:firewall:hooks':
-      version => $version,
-    }
-
    class { '::platform::firewall::custom':
      version => $version,
      rules_file => $rules_file,
    }
-
-    # ensure custom rules are applied before system rules
-    Class['::platform::firewall::custom'] -> Firewall <| |>
  }
 }