Browse Source
Create all chains before any rules
If some rules references other chains that are not yet present state fails. Make sure all chains are created before any rules by configuring requirement constraint. Change-Id: Iaf506919f330ff962891baab8132c3b46c49a47c Closes-Bug: PROD-18821pull/19/head
Sergio Lystopad
6 years ago
2 changed files with 6 additions and 1 deletions
+ 5
- 1
iptables/_rule.sls
View File
| @@ -4,9 +4,13 @@ iptables_{{ chain_name }}_{{ rule_name }}: | |||
| - position: {{ rule.position }} | |||
| {%- else %} | |||
| iptables.append: | |||
| {%- if loop.index != 1 %} | |||
| - require: | |||
| {%- if loop.index != 1 %} | |||
| - iptables: iptables_{{ chain_name }}_{% if service_name is defined %}{{ service_name }}_{% endif %}{{ loop.index - 1 }} | |||
| {%- else %} | |||
| {%- for chain in chains %} | |||
| - iptables: iptables_{{ chain }} | |||
| {%- endfor %} | |||
| {%- endif %} | |||
| {%- endif %} | |||
| - table: {{ rule.get('table', 'filter') }} | |||
+ 1
- 0
iptables/rules.sls
View File
| @@ -1,6 +1,7 @@ | |||
| {% from "iptables/map.jinja" import service with context %} | |||
| {%- if grains.get('virtual_subtype', None) not in ['Docker', 'LXC'] %} | |||
| {%- set chains = service.get('chain', {}).keys() %} | |||
| {%- for chain_name, chain in service.get('chain', {}).iteritems() %} | |||
| iptables_{{ chain_name }}: | |||
Loading…