From 7c263d19b1da9ad61402f2c470da3cd3d702b4d2 Mon Sep 17 00:00:00 2001
From: Don Penney
Date: Mon, 4 Feb 2019 23:28:04 -0500
Subject: [PATCH] Initial firewall config causes temporary packet loss

Due to ordering of firewall rule/policy configuration, all incoming packets may be dropped during firewall configuration, until its completion. This creates a race condition where this packet loss could result in manifest application failure, causing the initial unlock to fail. In order to avoid this packet loss, this update adds ordering dependencies to ensure the default policies are applied only after the common platform firewall rules.

Change-Id: I196911a197e6efb58e41d742a57216d0175cd4be
Closes-Bug: 1814619
Signed-off-by: Don Penney
---
 puppet-manifests/centos/build_srpm.data | 2 +-
 .../src/modules/platform/manifests/firewall.pp | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/puppet-manifests/centos/build_srpm.data b/puppet-manifests/centos/build_srpm.data
index c68b6304cd..ca47755dad 100644
--- a/puppet-manifests/centos/build_srpm.data
+++ b/puppet-manifests/centos/build_srpm.data
@@ -1,2 +1,2 @@
 SRC_DIR="src"
-TIS_PATCH_VER=78
+TIS_PATCH_VER=79
diff --git a/puppet-manifests/src/modules/platform/manifests/firewall.pp b/puppet-manifests/src/modules/platform/manifests/firewall.pp
index 11b91f8a98..e46b967f7a 100644
--- a/puppet-manifests/src/modules/platform/manifests/firewall.pp
+++ b/puppet-manifests/src/modules/platform/manifests/firewall.pp
@@ -298,38 +298,38 @@ class platform::firewall::oam (
 version => 'ipv4',
 }
- platform::firewall::common { 'platform:firewall:ipv6':
+ -> platform::firewall::common { 'platform:firewall:ipv6':
 interface => $interface_name,
 version => 'ipv6',
 }
- platform::firewall::services { 'platform:firewall:services':
+ -> platform::firewall::services { 'platform:firewall:services':
 version => $version,
 }
 # Set default table policies
- firewallchain { 'INPUT:filter:IPv4':
+ -> firewallchain { 'INPUT:filter:IPv4':
 ensure => present,
 policy => drop,
 before => undef,
 purge => false,
 }
- firewallchain { 'INPUT:filter:IPv6':
+ -> firewallchain { 'INPUT:filter:IPv6':
 ensure => present,
 policy => drop,
 before => undef,
 purge => false,
 }
- firewallchain { 'FORWARD:filter:IPv4':
+ -> firewallchain { 'FORWARD:filter:IPv4':
 ensure => present,
 policy => drop,
 before => undef,
 purge => false,
 }
- firewallchain { 'FORWARD:filter:IPv6':
+ -> firewallchain { 'FORWARD:filter:IPv6':
 ensure => present,
 policy => drop,
 before => undef,
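Review bot: The `->` chain in front of the four `firewallchain` declarations encodes a deliberate security trade-off that the surviving comment `# Set default table policies` does not record: until the last resource in the chain applies, INPUT and FORWARD keep whatever policy they had before the run (open on a fresh node), so the earlier fail-closed window described in the commit message has been exchanged for a fail-open one, and the next maintainer should not "fix" the order back. I would extend the comment to `# Set default table policies last: chaining them after the rule resources avoids a DROP-with-no-rules window mid-run, at the cost of the chains keeping their prior policy until this point.` Note also that the new edges only reach the `firewall` resources inside `platform::firewall::common` and `platform::firewall::services` if those are declared directly in the defined types; if either body merely `include`s a class, the `->` relationship does not extend to that class's rules (both bodies are outside this hunk, so I cannot confirm either way). The enclosing class `platform::firewall::oam` and the `platform:firewall:ipv4` resource that heads the chain both begin before this hunk.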