X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/71f4169d5ec9d5d1c84929ddaedf6a004dc4fd58..c36f915b13f088e99cbcd0d822e9fc32249fe713:/cookbooks/networking/recipes/default.rb?ds=sidebyside

diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index a299a67cd..427cd794a 100644
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -690,6 +690,19 @@ elsif node[:networking][:firewall][:engine] == "nftables"
     notifies :restart, "service[nftables]"
   end
 
+  stop_commands = [
+    "/usr/sbin/nft delete table inet filter"
+  ]
+
+  stop_commands << "/usr/sbin/nft delete table ip nat" if node[:roles].include?("gateway")
+
+  systemd_service "nftables-stop" do
+    service "nftables"
+    dropin "stop"
+    exec_reload ""
+    exec_stop stop_commands
+  end
+
   if node[:networking][:firewall][:enabled]
     service "nftables" do
       action [:enable, :start]