Merge pull request #80 from Intel-BMC/updateHEAD1-0.91intel

Update

1 files changed, 1 insertions, 28 deletions

diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in
index 7a630f5fe..074ec5785 100644
--- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in
@@ -35,45 +35,18 @@ gbmc_ncsi_nft_update() {
   fi
 
   local ip6="$gbmc_ncsi_nft_lastip6"
-  local pfx=
   if [ -n "$ip6" ]; then
     contents+="        ip6 daddr $ip6/128 goto ncsi_legacy_input"$'\n'
-
-    local ip_bytes=()
-    ip_to_bytes ip_bytes "$ip6"
-    # If our address has enough spare bits for appending the BMC suffix
-    # then we add a rule that allows the BMC subnet. That is, we need a /64
-    # as input.
-    local i
-    for (( i = 8; i < 16; i++ )); do
-      if (( ip_bytes[$i] != 0 )); then
-        ip_bytes=()
-        break
-      fi
-    done
-    if (( ${#ip_bytes[@]} != 0 )); then
-      ip_bytes[8]=0xfd
-      pfx="$(ip_bytes_to_str ip_bytes)"
-      contents+="        ip6 saddr != $pfx/76 ip6 daddr"
-      contents+=" $pfx/76 goto ncsi_gbmc_br_pub_input"$'\n'
-    fi
   fi
 
   contents+='    }'$'\n'
-  contents+='    chain ncsi_forward {'$'\n'
-  if [ -n "$pfx" ]; then
-    contents+="        ip6 saddr != $pfx/76 ip6 daddr $pfx/76 accept"$'\n'
-  fi
-  contents+='    }'$'\n'
   contents+='}'$'\n'
 
   local rfile=/run/nftables/40-gbmc-ncsi-in.rules
   mkdir -p -m 755 "$(dirname "$rfile")"
   printf '%s' "$contents" >"$rfile"
 
-  echo 'Restarting nftables' >&2
-  systemctl reset-failed nftables
-  systemctl --no-block restart nftables
+  systemctl reset-failed nftables && systemctl --no-block reload-or-restart nftables || true
 }
 
 gbmc_ncsi_nft_hook() {