bundles/docker-ce: sort nftables rules

2022-12-26 12:57:42 +01:00 · 2022-12-26 12:57:42 +01:00 · d282d77a99
parent cb4d28c994
commit d282d77a99
1 changed files with 5 additions and 10 deletions
--- a/bundles/docker-ce/metadata.py
+++ b/bundles/docker-ce/metadata.py
@ -12,14 +12,6 @@ defaults = {
            'docker-ce-cli': {},
        },
    },
-    'nftables': {
-        'rules': {
-            '00-docker-ce': {
-                'inet filter forward ct state { related, established } accept',
-                'inet filter forward iifname docker0 accept',
-            },
-        },
-    },
 }


@ -27,7 +19,10 @@ defaults = {
    'nftables/rules/00-docker-ce',
 )
 def nftables_nat(metadata):
-    rules = set()
+    rules = {
+        'inet filter forward ct state { related, established } accept',
+        'inet filter forward iifname docker0 accept',
+    }

    for iface in metadata.get('interfaces'):
        rules.add(f'nat postrouting oifname {iface} masquerade')
@ -35,7 +30,7 @@ def nftables_nat(metadata):
    return {
        'nftables': {
            'rules': {
-                '00-docker-ce': rules,
+                '00-docker-ce': sorted(rules),
            },
        },
    }