networking: add flush command to nftables script

author Grant Slater <github@firefishy.com>

Tue, 19 Mar 2024 11:15:05 +0000 (11:15 +0000)

committer Grant Slater <github@firefishy.com>

Tue, 19 Mar 2024 11:15:05 +0000 (11:15 +0000)
author Grant Slater <github@firefishy.com>
Tue, 19 Mar 2024 11:15:05 +0000 (11:15 +0000)
committer Grant Slater <github@firefishy.com>
Tue, 19 Mar 2024 11:15:05 +0000 (11:15 +0000)
diff --git a/cookbooks/networking/templates/default/nftables.erb b/cookbooks/networking/templates/default/nftables.erb

index 778e57a218768fb84fe03ba4c343b8ad7fddc4d7..7484877d562eeb057eac2084917fde220b145fb5 100644 (file)
--- a/cookbooks/networking/templates/default/nftables.erb
+++ b/cookbooks/networking/templates/default/nftables.erb
@@ -40,6 +40,11 @@ unblock() {
    done
  }
  
+flush() {
+  /usr/sbin/nft flush set inet chef-filter ip-blocklist
+  /usr/sbin/nft flush set inet chef-filter ip6-blocklist
+}
+
  command=$1
  shift
  
@@ -49,6 +54,7 @@ case "$command" in
    reload) reload;;
    block) block "$@";;
    unblock) unblock "$@";;
+  flush) flush;;
  esac
  
  exit 0
author	Grant Slater <github@firefishy.com>
	Tue, 19 Mar 2024 11:15:05 +0000 (11:15 +0000)
committer	Grant Slater <github@firefishy.com>
	Tue, 19 Mar 2024 11:15:05 +0000 (11:15 +0000)