From ce2ab244411419c37b4c8a1a8f84c95cd3f67a3f Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutras.com>
Date: Sat, 20 Jan 2024 21:19:53 +0200
Subject: [PATCH] firewalld: rebase firewalld.conf to firewalld 2.1.0-1

---
 roles/firewalld/templates/firewalld.conf.j2 | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/firewalld/templates/firewalld.conf.j2 b/roles/firewalld/templates/firewalld.conf.j2
index f8caf11c8..7a0be1ff1 100644
--- a/roles/firewalld/templates/firewalld.conf.j2
+++ b/roles/firewalld/templates/firewalld.conf.j2
@@ -66,6 +66,14 @@ FirewallBackend=nftables
 # Default: yes
 FlushAllOnReload=yes
 
+# ReloadPolicy
+# Policy during reload. By default all traffic except for established
+# connections is dropped while the rules are updated. Set to "DROP", "REJECT"
+# or "ACCEPT". Alternatively, specify it per table, like
+# "OUTPUT:ACCEPT,INPUT:DROP,FORWARD:REJECT".
+# Default: ReloadPolicy=INPUT:DROP,FORWARD:DROP,OUTPUT:DROP
+ReloadPolicy=INPUT:DROP,FORWARD:DROP,OUTPUT:DROP
+
 # RFC3964_IPv4
 # As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that
 # correspond to IPv4 addresses that should not be routed over the public
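Review bot: The added `ReloadPolicy=INPUT:DROP,FORWARD:DROP,OUTPUT:DROP` line repeats the upstream default, and nothing in the template says whether this fail-closed value is deliberate for these hosts or only carried over by the rebase. Because the comment text is copied from upstream, a later rebase or manual edit could relax it to `ACCEPT` unnoticed, so I would add a site-specific line above the setting such as `# Site policy: stay fail-closed on all chains during reload; do not relax without review.` Going by the description in the hunk, only established connections survive a reload, so with `OUTPUT:DROP` new outbound connections from the host would presumably fail for that window. It is worth confirming that nothing triggered by the same play depends on opening one at that moment.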
-- 
GitLab