Add a script to zero /etc/sysconfig/iptables at build time
When including this element we empty the stock /etc/sysconfig/iptables file as shipped by the iptables rpm package. The reason for this is that puppet firewall has a hard time to cope with exiting rules when /etc/sysconfig/iptables is populated and the iptables service is not active. The referenced bug has a full explanation for the problem. Partial-Bug: #1657108 Change-Id: Iddc21316a1a3d42a1a43cbb4b9c178adba8f8db3
This commit is contained in:
parent
f31cd84bef
commit
48c2a3f7ce
|
@ -0,0 +1,7 @@
|
|||
#!/bin/bash
|
||||
set -eux
|
||||
set -o pipefail
|
||||
|
||||
if [[ "rhel rhel7 centos7 fedora" =~ "$DISTRO_NAME" ]]; then
|
||||
echo '# empty ruleset created by tripleo-image-elements' > /etc/sysconfig/iptables
|
||||
fi
|
Loading…
Reference in New Issue