Closed isuftin closed 2 years ago
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
Please read this blog post to see the reasons why I mark pull requests as stale.
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
This update adds the conditional check for `firewall_flush_rules_and_chains` to also not include ExecStop when false.

A side effect of that is that the bash script that triggers on restart will add the same rules to iptables again, duplicating the rules.
Running

```
iptables-save | awk '/^COMMIT$/ { delete x; }; !x[$0]++' | uniq | iptables-restore
```

after all rules have been (re)added will read iptables, remove duplicates and persist the rules.

This operation is probably only needed when we're not flushing on restart but otoh it also doesn't hurt to scrub dupe rules from iptables as a general practice?
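An added example (not part of the pull request) that runs the PR's awk filter over a constructed `iptables-save` dump, to show what it removes and why the seen-set is reset at `COMMIT`. The function names and the sample ruleset are assumptions made for illustration; `dedupe_naive` is a hypothetical variant without the reset, included only for comparison.

```shell
#!/bin/sh
# The awk program from the PR, isolated so it can be checked against a saved
# dump instead of the live ruleset.

# The seen-set x is cleared at every COMMIT, so a line only counts as a
# duplicate inside its own table. The first occurrence is kept, which leaves
# the first-match order of the remaining rules unchanged.
dedupe_rules() {
    awk '/^COMMIT$/ { delete x; }; !x[$0]++'
}

# Hypothetical variant without the reset: it also drops the second COMMIT and
# any chain declaration or rule that legitimately repeats in another table.
dedupe_naive() {
    awk '!x[$0]++'
}

# Constructed sample in iptables-save format (not captured from a real host).
# The two INPUT rules were appended twice, as happens on a restart that does
# not flush first.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# Count lines on stdin that match the pattern given as $1.
count_lines() {
    grep -c "$1" || true
}

echo "rules before: $(sample_dump | count_lines '^-A ')"
echo "rules after:  $(sample_dump | dedupe_rules | count_lines '^-A ')"
echo "COMMIT lines, per-table reset: $(sample_dump | dedupe_rules | count_lines '^COMMIT$')"
echo "COMMIT lines, no reset:        $(sample_dump | dedupe_naive | count_lines '^COMMIT$')"
```

On a real host, piping the filtered output to `iptables-restore --test` parses the ruleset without committing it, which is a cheap check before replacing the live rules.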