Add a script to zero /etc/sysconfig/iptables at build time

When including this element we empty the stock /etc/sysconfig/iptables
file as shipped by the iptables rpm package. The reason for this is that
puppet firewall has a hard time coping with existing rules when
/etc/sysconfig/iptables is populated and the iptables service is not
active. The referenced bug has a full explanation for the problem.

Partial-Bug: #1657108

Change-Id: Iddc21316a1a3d42a1a43cbb4b9c178adba8f8db3
Michele Baldessari 2017-01-19 09:53:19 +01:00
parent f31cd84bef
commit 48c2a3f7ce
1 changed files with 7 additions and 0 deletions

@ -0,0 +1,7 @@
#!/bin/bash
set -eux
set -o pipefail
if [[ "rhel rhel7 centos7 fedora" =~ "$DISTRO_NAME" ]]; then
echo '# empty ruleset created by tripleo-image-elements' > /etc/sysconfig/iptables
fi
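
Review bot: The distro test on the `if` line quotes the right-hand side of `=~`, which makes it a literal substring match against the list string rather than a whole-name match. An empty `DISTRO_NAME`, or a partial value such as `centos` or `el7`, therefore also passes and `/etc/sysconfig/iptables` gets overwritten on an image where that may not be intended. Matching whole names with `case "$DISTRO_NAME" in rhel|rhel7|centos7|fedora)` would avoid that. It would also help to have a comment in the script saying that the image now ships with an empty ruleset and relies on puppet firewall to apply rules later, since anyone booting the image without that step gets no packet filtering from this file.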