Handle missing conntrack binary and clean up Dockerfile

Log a warning if the conntrack binary is missing to ensure graceful handling of the error and continued execution. Additionally, remove unnecessary commented-out systemd overrides in the Dockerfile to improve clarity and maintainability.
dvershinin · Dec 19, 2024 · 348870b · 348870b
1 parent b0c75eb
commit 348870b
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 8 deletions.
diff --git a/fds/FirewallWrapper.py b/fds/FirewallWrapper.py
@@ -186,6 +186,8 @@ def block_ip(self, ip, ipset_name=None, reload=True):
         from subprocess import CalledProcessError, check_output, STDOUT
         try:
             check_output(["/sbin/conntrack", "-D", "-s", str(ip)], stderr=STDOUT)
+        except FileNotFoundError:
+            log.warning('conntrack not found, skipping connection drop')
         except CalledProcessError as e:
             pass
 

diff --git a/firewalld.Dockerfile b/firewalld.Dockerfile
@@ -20,12 +20,4 @@ RUN pip3 install .
 COPY firewalld-tests.sh firewalld-tests.sh
 RUN chmod +x firewalld-tests.sh
 
-## Override systemd defaults
-#RUN mkdir -p /etc/systemd/system/service.d
-#RUN echo '[Service]' > /etc/systemd/system/service.d/override.conf
-#RUN echo 'ExecStart=' >> /etc/systemd/system/service.d/override.conf
-#RUN echo 'ExecStart=/usr/lib/systemd/systemd' >> /etc/systemd/system/service.d/override.conf
-#
-#VOLUME [ "/sys/fs/cgroup" ]
-
 CMD ["/sbin/init"]