-rw-r--r--meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-deprecated-ips.sh.in29
1 files changed, 17 insertions, 12 deletions
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-deprecated-ips.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-deprecated-ips.sh.in
index 7b07025700..677ef28c37 100644
--- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-deprecated-ips.sh.in
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-deprecated-ips.sh.in
@@ -29,6 +29,7 @@ gbmc_ncsi_br_deprecated_ips_update() {
"${gbmc_ncsi_br_deprecated_ips_lastip:-(deleted)}" >&2
local contents=
+ local nfcontents=
if [ -n "$gbmc_ncsi_br_deprecated_ips_lastip" ]; then
local pfx_bytes=()
ip_to_bytes pfx_bytes "$gbmc_ncsi_br_deprecated_ips_lastip"
@@ -50,6 +51,16 @@ PreferredLifetime=0
Address=$host_pfx/128
PreferredLifetime=0
EOF
+ read -r -d '' nfcontents <<EOF
+table inet filter {
+ chain ncsi_input {
+ ip6 saddr != $pfx/76 ip6 daddr $pfx/76 goto ncsi_gbmc_br_pub_input
+ }
+ chain ncsi_forward {
+ ip6 saddr != $pfx/76 ip6 daddr $pfx/76 accept
+ }
+}
+EOF
fi
local file
@@ -70,19 +81,13 @@ EOF
networkctl reload && networkctl reconfigure @NCSI_IF@
fi
- read -r -d '' contents <<EOF
-table inet filter {
- chain ncsi_input {
- ip6 saddr != $pfx/76 ip6 daddr $pfx/76 goto ncsi_gbmc_br_pub_input
- }
- chain ncsi_forward {
- ip6 saddr != $pfx/76 ip6 daddr $pfx/76 accept
- }
-}
-EOF
- rfile=/run/nftables/40-gbmc-ncsi-br.rules
+ local rfile=/run/nftables/40-gbmc-ncsi-br.rules
mkdir -p -m 755 "$(dirname "$rfile")"
- printf '%s' "$contents" >"$rfile"
+ if [ -z "$nfcontents" ]; then
+ rm -f "$rfile"
+ else
+ printf '%s' "$nfcontents" >"$rfile"
+ fi
systemctl reset-failed nftables && systemctl --no-block restart nftables || true
}
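Review bot: The new `rm -f "$rfile"` branch only removes the on-disk rules; the previously loaded `ncsi_forward` accept rule for the old prefix leaves the kernel only if the nftables restart on the last line succeeds, and that line hides any failure behind `|| true` and `--no-block`. If the restart fails, the old prefix presumably stays accepted with nothing in the log to show it. Consider keeping the step non-fatal but visible, e.g. `systemctl reset-failed nftables && systemctl --no-block restart nftables || echo "nftables restart failed; stale NCSI rules may remain" >&2`. Whether a restart flushes the old table depends on the nftables unit, which is not visible here, and the function body starts outside this hunk.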