From 93db17d4559c10cced2dccdd994aa780597d307e Mon Sep 17 00:00:00 2001
From: Chris Friesen
Date: Wed, 28 Nov 2018 14:22:34 -0600
Subject: [PATCH] Fix up puppet dependencies for firewall rules

Ensure that the custom firewall chains are present before trying to flush them. This requires that we remove what we believe is an unnecessary depencency between the custom firewall chains/rules and the normal puppet-configured firewall chains/rules.

Change-Id: I939c6fecbf4b4fa3d4821025efd96d715f06eb1b
Story: 2002843
Task: 22791

Signed-off-by: Chris Friesen
---
 .../src/modules/platform/manifests/firewall.pp | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/puppet-manifests/src/modules/platform/manifests/firewall.pp b/puppet-manifests/src/modules/platform/manifests/firewall.pp
index d8901d827a..5776acee4a 100644
--- a/puppet-manifests/src/modules/platform/manifests/firewall.pp
+++ b/puppet-manifests/src/modules/platform/manifests/firewall.pp
@@ -264,6 +264,10 @@ class platform::firewall::custom (
 'ipv4' => 'iptables-restore',
 'ipv6' => 'ip6tables-restore'}
+ platform::firewall::hooks { '::platform:firewall:hooks':
+ version => $version,
+ } ->
+
 exec { 'Flush firewall custom pre rules':
 command => "iptables --flush INPUT-custom-pre",
 } ->
@@ -334,17 +338,10 @@ class platform::firewall::oam (
 if $rules_file {
- platform::firewall::hooks { '::platform:firewall:hooks':
- version => $version,
- }
-
 class { '::platform::firewall::custom':
 version => $version,
 rules_file => $rules_file,
 }
-
- # ensure custom rules are applied before system rules
- Class['::platform::firewall::custom'] -> Firewall <| |>
 }
 }
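Review bot: The new `platform::firewall::hooks { ... } ->` ordering in the first hunk guarantees the chain only for the address family passed as `$version`, but the flush on the context line right after it is hard-coded to `iptables --flush INPUT-custom-pre`, while the map just above selects `ip6tables-restore` for 'ipv6'. If the hooks define creates the chain per family (its definition is not in this hunk, so this is inferred), an IPv6 run could still flush a chain that does not exist in the IPv4 table and fail before the custom rules are loaded. Consider choosing the flush binary from `$version` the same way the restore command is chosen, and add a comment above the new resource such as `# hooks create INPUT-custom-pre; it must exist before the flush below`. The exec chain continues past the end of the hunk.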