From a0b70bc4451954fdc5ef1b2c04d7187c4f8b5fdb Mon Sep 17 00:00:00 2001
From: manegron
Date: Sun, 8 Dec 2024 00:41:26 +0000
Subject: [PATCH] Avoid reloading all time

---
 resources/libraries/helper.rb | 3 +++
 resources/providers/config.rb | 16 ++++++++++------
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/resources/libraries/helper.rb b/resources/libraries/helper.rb
index cab4055..e46a410 100644
--- a/resources/libraries/helper.rb
+++ b/resources/libraries/helper.rb
@@ -14,6 +14,7 @@ def apply_rule(type, value, zone, protocol = nil)
 action :create
 permanent true
 not_if "firewall-cmd --permanent --zone=#{zone} --query-port=#{value}/#{protocol}"
+ notifies :reload, 'service[firewalld]', :delayed
 end
 when :protocol
 firewall_rule "Allow protocol #{value} in #{zone} zone" do
@@ -22,6 +23,7 @@ def apply_rule(type, value, zone, protocol = nil)
 action :create
 permanent true
 not_if "firewall-cmd --permanent --zone=#{zone} --query-protocol=#{value}"
+ notifies :reload, 'service[firewalld]', :delayed
 end
 when :rich_rule
 firewall_rule "Adding rich rule #{value} in #{zone} zone" do
@@ -30,6 +32,7 @@ def apply_rule(type, value, zone, protocol = nil)
 action :create
 permanent true
 not_if "firewall-cmd --permanent --zone=#{zone} --query-rich-rule='#{value}'"
+ notifies :reload, 'service[firewalld]', :delayed
 end
 end
 end
diff --git a/resources/providers/config.rb b/resources/providers/config.rb
index 453ef7e..f8d97f6 100644
--- a/resources/providers/config.rb
+++ b/resources/providers/config.rb
@@ -13,6 +13,12 @@
 flush_cache [:before]
 end
+ service 'firewalld' do
+ service_name 'firewalld'
+ supports status: true, reload: true, restart: true, start: true, enable: true
+ action [:enable, :start]
+ end
+
 template '/etc/firewalld.conf' do
 source 'firewalld.conf.erb'
 cookbook 'rb-firewall'
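Review bot: The new `notifies :reload, 'service[firewalld]', :delayed` in this hunk, and the identical lines in the two following hunks of helper.rb, make `apply_rule` depend on a `service[firewalld]` resource being present in the resource collection; this is a library method, so any recipe or custom resource that calls it without declaring that service will fail at converge when Chef resolves the notification. That precondition should be stated on the method, e.g. `# Caller must declare service[firewalld]: every rule added here notifies it with a :delayed reload`. The same comment should say that, because the timer is `:delayed`, the permanent rules written here only become active at the end of the run, so a resource later in the same run cannot rely on the port already being open. `apply_rule` begins before this hunk and closes in the third helper.rb hunk.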
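Review bot: The `template '/etc/firewalld.conf'` resource that begins at the end of this hunk now needs its own notification to the service, because the unconditional `:reload` on every run (removed in the last hunk of this file) previously guaranteed that edits to firewalld.conf were picked up by the daemon; without it the file changes on disk but the running daemon keeps the old settings. Its body continues outside the hunk, so I cannot see whether it already notifies; if not, add `notifies :reload, 'service[firewalld]', :delayed` to it (or `:restart`, if a reload does not re-read the settings this template manages — worth confirming). The new `service 'firewalld'` block itself looks fine and is declared before the rules that notify it.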
@@ -30,6 +36,7 @@
 action :create
 permanent true
 not_if "firewall-cmd --zone=home --query-interface=#{sync_interface}"
+ notifies :reload, 'service[firewalld]', :delayed
 end
 firewall_rule 'Add sync subnet to home' do
@@ -38,6 +45,7 @@
 action :create
 permanent true
 not_if "firewall-cmd --zone=home --query-source=#{sync_subnet}"
+ notifies :reload, 'service[firewalld]', :delayed
 end
 end
@@ -73,6 +81,7 @@
 action :delete
 permanent true
 only_if "firewall-cmd --permanent --zone=public --query-rich-rule='rule family=\"ipv4\" source address=\"#{ip}\" port port=\"9092\" protocol=\"tcp\" accept'"
+ notifies :reload, 'service[firewalld]', :delayed
 end
 end
 end
@@ -84,16 +93,11 @@
 action :create
 permanent true
 not_if "firewall-cmd --permanent --zone=public --query-rich-rule='rule family=\"ipv4\" source address=\"#{ip}\" port port=\"9092\" protocol=\"tcp\" accept'"
+ notifies :reload, 'service[firewalld]', :delayed
 end
 end
 end
- service 'firewalld' do
- service_name 'firewalld'
- supports status: true, reload: true, restart: true, start: true, enable: true
- action [:enable, :start, :reload]
- end
-
 Chef::Log.info('Firewall configuration has been applied.')
 end
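Review bot: The guard on the line before the new `notifies` queries runtime state (`firewall-cmd --zone=home --query-interface=…`, without `--permanent`) while the resource writes permanent configuration, and the `--query-source` guard in the next hunk does the same; every other guard touched by this patch uses `--permanent`. Now that the service is only reloaded on notification the two forms diverge: a runtime query presumably lets the resource re-fire (and so trigger the reload) when the running config has drifted from the permanent one, whereas a `--permanent` query never does. The two sync-network rules should use the same form as the rest, or, if the runtime query is deliberate, carry a comment such as `# runtime query on purpose: re-applies and reloads when the running config has drifted`. The enclosing `firewall_rule` block starts outside the hunk.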
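Review bot: The `action :delete` in this hunk revokes access for `#{ip}` to port 9092, and with `:delayed` that revocation only reaches the running firewall at the end of the converge; if the run aborts after this resource has written the permanent change, the delayed reload never happens, and because the `only_if` queries `--permanent` the next run sees nothing to do and does not reload either, so the stale runtime rule keeps accepting traffic until something else triggers a reload. For this removal path `notifies :reload, 'service[firewalld]', :immediately` would be the safer choice, at the cost of one extra reload when a deletion occurs. The same permanent/runtime drift now affects every `--permanent`-guarded rule in the patch, which is worth documenting in a comment next to the `service 'firewalld'` resource. The enclosing block starts outside the hunk.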
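Review bot: The `Chef::Log.info('Firewall configuration has been applied.')` line at the end of this hunk is now misleading: when it runs the permanent rules have been written, but the `:delayed` reload that activates them has not happened yet, so the message is logged before anything is live. Consider `Chef::Log.info('Firewall configuration written; firewalld reload is scheduled for the end of the run.')`. The removed service block here is the counterpart of the one added in the first hunk of this file, with `:reload` dropped from its action list.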