From: cruelsmith <92088441+cruelsmith@users.noreply.github.com> Date: Mon, 2 Jan 2023 16:31:22 +0000 (+0100) Subject: Force firewall chain delete X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=af0116cc5527a5a0804f6e91d519903ef2e69b41;p=puppet-modules%2Fpuppetlabs-firewall.git Force firewall chain delete Flush chain to get rid of unmanaged firewall rules in that chain else the remove of the chain will fail. --- diff --git a/README.md b/README.md index f1985e3..7307e84 100644 --- a/README.md +++ b/README.md @@ -192,10 +192,10 @@ resources { 'firewallchain': } ``` -> **Note:** If there are unmanaged rules in unmanaged chains, it will take a second Puppet run for the firewall chain to be purged. - > **Note:** If you need more fine-grained control about which unmananged rules get removed, investigate the `purge` and `ignore_foreign` parameters available in `firewallchain`. +> **Note:** `ignore_foreign` of `firewallchain` does not work as expected with a resources purge of `firewall`. + ### Upgrading Use these steps if you already have a version of the firewall module installed. diff --git a/lib/puppet/provider/firewallchain/iptables_chain.rb b/lib/puppet/provider/firewallchain/iptables_chain.rb index fb02753..6abe9fb 100644 --- a/lib/puppet/provider/firewallchain/iptables_chain.rb +++ b/lib/puppet/provider/firewallchain/iptables_chain.rb @@ -60,12 +60,14 @@ Puppet::Type.type(:firewallchain).provide :iptables_chain do end def destroy - allvalidchains do |t, chain, table| + allvalidchains do |t, chain, table, protocol| if INTERNAL_CHAINS.match?(chain) # can't delete internal chains warning "Attempting to destroy internal chain #{@resource[:name]}" else - debug "Deleting chain #{chain} on table #{table}" + debug "Flush chain #{chain} on table #{table} (#{protocol})" + t.call ['-t', table, '-F', chain] + debug "Deleting chain #{chain} on table #{table} (#{protocol})" t.call ['-t', table, '-X', chain] end end
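Review bot: the new README note in the first hunk is too vague to act on: "`ignore_foreign` of `firewallchain` does not work as expected with a resources purge of `firewall`" does not say what actually happens (which rules get removed, or whether the purge fails) or what the reader should do instead. Since the note about the second Puppet run is being dropped because `destroy` now flushes the chain first, state that here too, so the reader knows that purging a chain now removes every rule in it, managed or not. The unchanged context line still reads "unmananged"; a follow-up fixing that typo would be welcome.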
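Review bot: in the `iptables_chain.rb` hunk the added `t.call ['-t', table, '-F', chain]` runs unconditionally, so any rules in the chain that Puppet does not manage are deleted silently at `debug` level; a `notice` or `warning` would make it visible to operators that foreign rules were dropped, which matters for a firewall provider. The hunk also does not show `allvalidchains` being changed to yield the new fourth block argument `protocol`, so please confirm that method already yields it (otherwise `protocol` is nil in the log messages). Finally, flushing does not make the subsequent `-X` unconditional: `iptables -X` still fails while another chain jumps to this one, so the commit message's "force" should be qualified, or that case handled or documented.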