Make flushing on restart truly optional #87
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Implements #82 |
|
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! Please read this blog post to see the reasons why I mark pull requests as stale. |
|
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This update adds the conditional check for
firewall_flush_rules_and_chainsto also not include ExecStop when false.A side effect of that is that the bash script that triggers on restart will add the same rules to iptables again, duplicating the rules.
Running
iptables-save | awk '/^COMMIT$/ { delete x; }; !x[$0]++' | uniq | iptables-restoreafter all rules have been (re)added will read iptables, remove duplicates and persist the rules.This operation is probably only needed when we're not flushing on restart but otoh it also doesn't hurt to scrub dupe rules from iptables as a general practice?