kolla-ansible/firewalld-immediate-c2abf09977c455a9.yaml at a5ea108dc3f00b155cd22df02f5a4004654624d0 - kolla-ansible - OpenDev: Free Software Needs Free Tools

openstack/kolla-ansible

Mark Goddard 2fbb067b56 Apply public firewalld rules immediately

Previously, firewalld rules were applied to configuration, then
firewalld reloaded to pick up all the new rules. Reloading firewalld can
be disruptive because it sets all chains to a DROP policy while building
up its firewall rules, breaking open connections.

This change switches to applying rules both permanently (to config) and
immediately, such that no reload is required.

Change-Id: I8e48b7827b33bdd2061d0e89c905bea8e29f60e8

2023-05-25 12:49:11 +01:00

8 lines

283 B

YAML

Raw Blame History

 ---
 features:
   - |
     Modifies public API firewalld rules to be applied immediately to a running
     firewalld service. This requires firewalld to be running, but avoids
     reloading firewalld, which is disruptive due to the way in which firewalld
     builds its firewall chains.