Set stateless output

skalenetwork · Jan 14, 2025 · eb74a90 · eb74a90
1 parent f9e2f05
commit eb74a90
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/node_cli/core/nftables.py b/node_cli/core/nftables.py
@@ -74,6 +74,7 @@ class NFTablesManager:
     def __init__(self, family: str = 'inet', table: str = 'firewall', chain: str = 'skale') -> None:
         self.nft = nftables.Nftables()
         self.nft.set_json_output(True)
+        self.nft.set_stateless_output(True)
         self.family = family
         self.table = table
         self.chain = chain

diff --git a/node_cli/migrations/focal_to_jammy.py b/node_cli/migrations/focal_to_jammy.py
@@ -18,6 +18,8 @@
 
 
 import logging
+import os
+import shutil
 
 from node_cli.core.nftables import LEGACY_CHAIN, POLICY, NFTablesManager
 from node_cli.utils.helper import run_cmd
@@ -111,6 +113,15 @@ def remove_old_iptables_rules() -> None:
     remove_icmp_rules()
 
 
+def remove_old_saved_rules() -> None:
+    logger.info('Removing saved on disk legacy rules')
+    rules_files = ['/etc/iptables/rules.v4', '/etc/iptables/rules.v6']
+    backup_files = ['/etc/iptables/.rules.v4', '/etc/iptables/.rules.v6']
+    for rules_filepath, backup_filepath in zip(rules_files, backup_files):
+        if os.path.isfile(rules_filepath):
+            shutil.move(rules_filepath, backup_filepath)
+
+
 def migrate() -> None:
     nft = NFTablesManager(family='ip', table='filter', chain=LEGACY_CHAIN)
     logger.info('Making sure legacy chain has default policy accept')
@@ -127,4 +138,6 @@ def migrate() -> None:
     plain_rules = res.stdout.decode('utf-8')
     logger.debug(plain_rules)
 
+    remove_old_saved_rules()
+
     logger.info('Migration from focal to jammy completed')