From bc8edcec4a3eaf5f5c1b3b64ca67f3a0620df5c4 Mon Sep 17 00:00:00 2001 From: =?utf8?q?C=C3=A9dric=20Ollivier?= Date: Thu, 24 Apr 2025 15:27:36 +0200 Subject: [PATCH] Flush iptables MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Podman doesn't clean all the iptables rules Change-Id: I67c0a4053eec9a93fbd9970a39a7a59f316ef320 Signed-off-by: Cédric Ollivier --- jjb/functest/xtesting-ci.yaml | 37 ++++++++++++++++++++++++++++++------- 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/jjb/functest/xtesting-ci.yaml b/jjb/functest/xtesting-ci.yaml index 729f9403b..4c8591cb1 100644 --- a/jjb/functest/xtesting-ci.yaml +++ b/jjb/functest/xtesting-ci.yaml @@ -15,8 +15,6 @@ sudo docker ps -aq |xargs sudo docker rm || true sudo docker system prune -f --all || true sudo rm -f /etc/systemd/system/docker.service.d/http-proxy.conf - sudo systemctl daemon-reload - sudo systemctl restart docker if [ $(lsb_release -r -s |cut -d\. -f1) -ge "22" ]; then sudo DEBIAN_FRONTEND=noninteractive apt \ -o DPkg::Lock::Timeout=300 install podman -y @@ -25,6 +23,16 @@ sudo podman system prune --all --force || true fi sudo rm -rfv /data /tmp/xtesting* + sudo iptables -P INPUT ACCEPT + sudo iptables -P FORWARD ACCEPT + sudo iptables -P OUTPUT ACCEPT + sudo iptables -t nat -F + sudo iptables -t mangle -F + sudo iptables -F + sudo iptables -X + sudo systemctl daemon-reload + sudo systemctl restart docker + sudo systemctl restart podman if [ $(lsb_release -r -s |cut -d\. -f1) -ge "24" ]; then sudo DEBIAN_FRONTEND=noninteractive apt \ -o DPkg::Lock::Timeout=300 install ansible patch -y 
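Review bot: The block added after `sudo rm -rfv /data /tmp/xtesting*` in the `@@ -25,6 +23,16 @@` hunk clears far more than Podman's leftovers. It sets the INPUT, FORWARD and OUTPUT policies to ACCEPT and flushes the whole filter, nat and mangle tables, so any host firewall rules on the node are removed too, and nothing in the hunk restores them. As a cleanup it is also partial: `-X` only deletes user chains in the filter table, and neither the raw table nor ip6tables is touched. I would state the intent above the block, e.g. `# Reset all IPv4 filter/nat/mangle rules, not only container ones; docker recreates its chains on restart`, and reload the baseline ruleset after the restarts if these nodes are expected to carry one. The same block is repeated in the `@@ -72,6 +78,16 @@` and `@@ -235,7 +249,16 @@` hunks, and the enclosing script starts and ends outside the hunk.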
@@ -62,8 +70,6 @@ sudo docker ps -aq |xargs sudo docker rm || true sudo docker system prune -f --all || true sudo rm -f /etc/systemd/system/docker.service.d/http-proxy.conf - sudo systemctl daemon-reload - sudo systemctl restart docker if [ $(lsb_release -r -s |cut -d\. -f1) -ge "22" ]; then sudo DEBIAN_FRONTEND=noninteractive apt \ -o DPkg::Lock::Timeout=300 install podman -y @@ -72,6 +78,16 @@ sudo podman system prune --all --force || true fi sudo rm -rfv /data /tmp/xtesting* + sudo iptables -P INPUT ACCEPT + sudo iptables -P FORWARD ACCEPT + sudo iptables -P OUTPUT ACCEPT + sudo iptables -t nat -F + sudo iptables -t mangle -F + sudo iptables -F + sudo iptables -X + sudo systemctl daemon-reload + sudo systemctl restart docker + sudo systemctl restart podman EOF if [ $(lsb_release -r -s |cut -d\. -f1) -ge "24" ]; then sudo DEBIAN_FRONTEND=noninteractive apt \ @@ -225,8 +241,6 @@ sudo docker ps -aq |xargs sudo docker rm || true sudo docker system prune -f --all || true sudo rm -f /etc/systemd/system/docker.service.d/http-proxy.conf - sudo systemctl daemon-reload - sudo systemctl restart docker if [ $(lsb_release -r -s |cut -d\. -f1) -ge "22" ]; then sudo DEBIAN_FRONTEND=noninteractive apt \ -o DPkg::Lock::Timeout=300 install podman -y @@ -235,7 +249,16 @@ sudo podman system prune --all --force || true fi sudo rm -rfv /data /tmp/xtesting* - + sudo iptables -P INPUT ACCEPT + sudo iptables -P FORWARD ACCEPT + sudo iptables -P OUTPUT ACCEPT + sudo iptables -t nat -F + sudo iptables -t mangle -F + sudo iptables -F + sudo iptables -X + sudo systemctl daemon-reload + sudo systemctl restart docker + sudo systemctl restart podman - builder: name: xtesting-ci-tests-debian-docker -- 2.16.6
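Review bot: `sudo systemctl restart podman` runs unconditionally, but the surrounding script only installs podman inside the `-ge "22"` release check. On a node that fails that check the unit may not exist, and the command then returns non-zero. Unlike the neighbouring cleanup commands it has no `|| true`, and whether the script runs with errexit is not visible in these hunks. I would write `sudo systemctl restart podman || true`, or move the restart inside the release guard. This applies to the `@@ -72,6 +78,16 @@` and `@@ -235,7 +249,16 @@` hunks and equally to the first copy at `@@ -25,6 +23,16 @@`.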