Révision c00bcf2d
Changed path to use fact. Partial conversion of execs to arrays
| manifests/init.pp | ||
|---|---|---|
| 235 | 235 |
if $purge_unmanaged_rules {
|
| 236 | 236 |
# Reload the nftables ruleset from the on-disk ruleset if there are differences or it is absent. -s must be used to ignore counters |
| 237 | 237 |
exec { 'nftables_memory_state_check':
|
| 238 |
command => 'echo "reloading nftables"',
|
|
| 239 |
path => ['/usr/sbin', '/sbin', '/usr/bin', '/bin'],
|
|
| 240 |
unless => "/usr/bin/test -s ${inmem_rules_hash_file} -a \"$(nft -s list ruleset | sha1sum)\" = \"$(cat ${inmem_rules_hash_file})\"",
|
|
| 238 |
command => ['echo', 'reloading_nftables'],
|
|
| 239 |
path => $facts['path'],
|
|
| 240 |
unless => ["test -s ${inmem_rules_hash_file} -a \"$(nft -s list ruleset | sha1sum)\" = \"$(cat ${inmem_rules_hash_file})\""],
|
|
| 241 | 241 |
notify => Service['nftables'], |
| 242 | 242 |
} |
| 243 | 243 |
|
| 244 | 244 |
# Generate nftables_hash upon any changes from the nftables service |
| 245 | 245 |
exec { 'nftables_generate_hash':
|
| 246 | 246 |
command => "nft -s list ruleset | sha1sum > ${inmem_rules_hash_file}",
|
| 247 |
path => ['/usr/sbin', '/sbin', '/usr/bin', '/bin'],
|
|
| 247 |
path => $facts['path'],
|
|
| 248 | 248 |
subscribe => Service['nftables'], |
| 249 | 249 |
refreshonly => true, |
| 250 | 250 |
} |
Formats disponibles : Unified diff