From: Grant Slater <github@firefishy.com>
Date: Tue, 19 Mar 2024 11:15:05 +0000 (+0000)
Subject: networking: add flush command to nftables script
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/61fee53bf3d40283ad5ddbe437b3f421a308652f

networking: add flush command to nftables script
---

diff --git a/cookbooks/networking/templates/default/nftables.erb b/cookbooks/networking/templates/default/nftables.erb
index 778e57a21..7484877d5 100644
--- a/cookbooks/networking/templates/default/nftables.erb
+++ b/cookbooks/networking/templates/default/nftables.erb
@@ -40,6 +40,11 @@ unblock() {
   done
 }
 
+flush() {
+  /usr/sbin/nft flush set inet chef-filter ip-blocklist
+  /usr/sbin/nft flush set inet chef-filter ip6-blocklist
+}
+
 command=$1
 shift
 
@@ -49,6 +54,7 @@ case "$command" in
   reload) reload;;
   block) block "$@";;
   unblock) unblock "$@";;
+  flush) flush;;
 esac
 
 exit 0