From 1254cf169249fa75ff9838df48402c936e706426 Mon Sep 17 00:00:00 2001

From: Eric Garver <eric@garver.life>

Date: Thu, 2 May 2019 11:47:25 -0400

Subject: [PATCH 40/73] fix: propagate exception if backend fails with

 IndividualCalls=yes

They were being logged, but not propagated. They need to be propagated

so things like reload() can enter FAILED state.

(cherry picked from commit 360d40a075f5b72e93d941297cc0badf036e53e3)

(cherry picked from commit fba166f79f1fac5e94a97c18369f36d13cab1bd6)

---

 src/firewall/core/fw.py | 3 +--

 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py

index 876c43392b1b..114d41090042 100644

--- a/src/firewall/core/fw.py

+++ b/src/firewall/core/fw.py

@@ -882,7 +882,6 @@ class Firewall(object):

                     backend.set_rule(rule, self._log_denied)

                 except Exception as msg:

                     log.debug1(traceback.format_exc())

-                    log.error("Failed to apply rules. A firewall reload might solve the issue if the firewall has been modified using ip*tables or ebtables.")

                     log.error(msg)

                     for rule in reversed(_rules[:i]):

                         try:

@@ -890,7 +889,7 @@ class Firewall(object):

                         except Exception:

                             # ignore errors here

                             pass

-                    return False

+                    raise msg

             return True

         else:

             return backend.set_rules(_rules, self._log_denied)

-- 

2.20.1