diff options
author | William A. Kennington III <wak@google.com> | 2021-12-15 13:21:52 +0300 |
---|---|---|
committer | William A. Kennington III <wak@google.com> | 2021-12-16 02:56:47 +0300 |
commit | 7356f8ebcb6b0e4c06018c748b7c5771b41e007e (patch) | |
tree | b25eb5ca71f9040d838b5276144e32d616315d91 /meta-google/recipes-google/nftables/files/nftables.service | |
parent | bdccd86cc18f9dba43fb488797f91d941035254f (diff) | |
download | openbmc-7356f8ebcb6b0e4c06018c748b7c5771b41e007e.tar.xz |
meta-google: nftables: Make rule loading atomic
This ensures that all of the rules are processed and unexpected packets
are not allowed or blocked by the kernel at any time.
Change-Id: Ia7bb1d7f604f8ed1bd9759a23e370d20cb0c690d
Signed-off-by: William A. Kennington III <wak@google.com>
Diffstat (limited to 'meta-google/recipes-google/nftables/files/nftables.service')
-rw-r--r-- | meta-google/recipes-google/nftables/files/nftables.service | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-google/recipes-google/nftables/files/nftables.service b/meta-google/recipes-google/nftables/files/nftables.service index 770a3d3ac..1a93812b8 100644 --- a/meta-google/recipes-google/nftables/files/nftables.service +++ b/meta-google/recipes-google/nftables/files/nftables.service @@ -5,6 +5,7 @@ Before=network-pre.target Type=oneshot RemainAfterExit=yes ExecStart=/usr/libexec/nft-configure.sh +ExecReload=/usr/libexec/nft-configure.sh ExecStop=/usr/sbin/nft flush ruleset [Install] |