From: Cédric Ollivier <cedric.ollivier@orange.com>
Date: Thu, 24 Apr 2025 13:27:36 +0000 (+0200)
Subject: Flush iptables
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=bc8edcec4a3eaf5f5c1b3b64ca67f3a0620df5c4;p=releng.git

Flush iptables

Podman doesn't clean all the iptables rules

Change-Id: I67c0a4053eec9a93fbd9970a39a7a59f316ef320
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
---

diff --git a/jjb/functest/xtesting-ci.yaml b/jjb/functest/xtesting-ci.yaml
index 729f9403b..4c8591cb1 100644
--- a/jjb/functest/xtesting-ci.yaml
+++ b/jjb/functest/xtesting-ci.yaml
@@ -15,8 +15,6 @@
           sudo docker ps -aq |xargs sudo docker rm || true
           sudo docker system prune -f --all || true
           sudo rm -f /etc/systemd/system/docker.service.d/http-proxy.conf
-          sudo systemctl daemon-reload
-          sudo systemctl restart docker
           if [ $(lsb_release -r -s |cut -d\. -f1) -ge "22" ]; then
             sudo DEBIAN_FRONTEND=noninteractive apt \
               -o DPkg::Lock::Timeout=300 install podman -y
@@ -25,6 +23,16 @@
             sudo podman system prune --all --force || true
           fi
           sudo rm -rfv /data /tmp/xtesting*
+          sudo iptables -P INPUT ACCEPT
+          sudo iptables -P FORWARD ACCEPT
+          sudo iptables -P OUTPUT ACCEPT
+          sudo iptables -t nat -F
+          sudo iptables -t mangle -F
+          sudo iptables -F
+          sudo iptables -X
+          sudo systemctl daemon-reload
+          sudo systemctl restart docker
+          sudo systemctl restart podman
           if [ $(lsb_release -r -s |cut -d\. -f1) -ge "24" ]; then
             sudo DEBIAN_FRONTEND=noninteractive apt \
               -o DPkg::Lock::Timeout=300 install ansible patch -y
@@ -62,8 +70,6 @@
             sudo docker ps -aq |xargs sudo docker rm || true
             sudo docker system prune -f --all || true
             sudo rm -f /etc/systemd/system/docker.service.d/http-proxy.conf
-            sudo systemctl daemon-reload
-            sudo systemctl restart docker
             if [ $(lsb_release -r -s |cut -d\. -f1) -ge "22" ]; then
               sudo DEBIAN_FRONTEND=noninteractive apt \
                 -o DPkg::Lock::Timeout=300 install podman -y
@@ -72,6 +78,16 @@
               sudo podman system prune --all --force || true
             fi
             sudo rm -rfv /data /tmp/xtesting*
+            sudo iptables -P INPUT ACCEPT
+            sudo iptables -P FORWARD ACCEPT
+            sudo iptables -P OUTPUT ACCEPT
+            sudo iptables -t nat -F
+            sudo iptables -t mangle -F
+            sudo iptables -F
+            sudo iptables -X
+            sudo systemctl daemon-reload
+            sudo systemctl restart docker
+            sudo systemctl restart podman
           EOF
           if [ $(lsb_release -r -s |cut -d\. -f1) -ge "24" ]; then
             sudo DEBIAN_FRONTEND=noninteractive apt \
@@ -225,8 +241,6 @@
           sudo docker ps -aq |xargs sudo docker rm || true
           sudo docker system prune -f --all || true
           sudo rm -f /etc/systemd/system/docker.service.d/http-proxy.conf
-          sudo systemctl daemon-reload
-          sudo systemctl restart docker
           if [ $(lsb_release -r -s |cut -d\. -f1) -ge "22" ]; then
             sudo DEBIAN_FRONTEND=noninteractive apt \
               -o DPkg::Lock::Timeout=300 install podman -y
@@ -235,7 +249,16 @@
             sudo podman system prune --all --force || true
           fi
           sudo rm -rfv /data /tmp/xtesting*
-
+          sudo iptables -P INPUT ACCEPT
+          sudo iptables -P FORWARD ACCEPT
+          sudo iptables -P OUTPUT ACCEPT
+          sudo iptables -t nat -F
+          sudo iptables -t mangle -F
+          sudo iptables -F
+          sudo iptables -X
+          sudo systemctl daemon-reload
+          sudo systemctl restart docker
+          sudo systemctl restart podman
 
 - builder:
     name: xtesting-ci-tests-debian-docker