Rename firewall tables to avoid any clash with iptables

[chef.git] / cookbooks / networking / recipes / default.rb

diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index 2ec9691a46a75fd80397b1f66c11404ef89451bd..dccba7c7a8be8c97d52098f7654259a2e26d36fd 100644 (file)
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -413,10 +413,12 @@ template "/etc/nftables.conf" do
 end
 
 stop_commands = [
-  "/usr/sbin/nft delete table inet filter"
+  "-/usr/sbin/nft delete table inet filter",
+  "-/usr/sbin/nft delete table inet chef-filter"
 ]
 
-stop_commands << "/usr/sbin/nft delete table ip nat" if node[:roles].include?("gateway")
+stop_commands << "-/usr/sbin/nft delete table ip nat" if node[:roles].include?("gateway")
+stop_commands << "-/usr/sbin/nft delete table ip chef-nat" if node[:roles].include?("gateway")
 
 systemd_service "nftables-stop" do
   service "nftables"