Old ferm rules never get deleted

Hi! I’m happy to submit a bug report/PR on this, but I ran into an issue when adding mosh support to my Trellis box.

In an attempt to open up Mosh ports (60000:61000) I messed up: I created a new rule in security.yml without defining a variable.

  - type: dport_accept
    dport: [mosh] # 👈 oopz
    protocol: udp

Before I realized my mistake, I deployed, so the rule was created at /etc/ferm/filter-input.d/50_dport_accept_mosh.conf. The deploy failed when iptables didn’t know what to do with mosh.

I corrected the variable:

  - type: dport_accept
    dport: ["60000:61000"] # 👈 Strings work for port ranges
    protocol: udp

…and re-deployed.

Ansible is set to delete rules in /etc/ferm/filter-input.d/, but it only deletes rules listed in ferm_input_list. The deploy failed: /etc/ferm/filter-input.d/50_dport_accept_mosh.conf still existed, so iptables refused to use the updated rules.

Should the ferm role be updated to just completely empty /etc/ferm/filter-input.d instead of only deleting rules in the list? It seems like that would be more stable, unless a user has manually defined ferm rules and dropped 'em in there.
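A pre-deploy check for the two failure modes in this report, as an added example that is not part of the issue or of Trellis's own ferm role: it rejects a `dport` value that is neither a port number nor a `low:high` range (the `[mosh]` mistake) and lists files in `filter-input.d` that the current rule list no longer accounts for. The rule dicts and file names below are constructed to mirror the issue; the set of expected file names is passed in explicitly because the role's naming scheme is not shown here.

```python
import re

# A port is 1-5 digits, optionally followed by ':' and another 1-5 digits (a range).
PORT_RE = re.compile(r"^\d{1,5}(?::\d{1,5})?$")


def validate_dport(value):
    """Return None if value is a valid port or 'low:high' range, else an error string."""
    text = str(value)  # YAML may yield an int (22) or a str ("60000:61000")
    if not PORT_RE.match(text):
        return f"{text!r} is not a port number or low:high range"
    parts = [int(p) for p in text.split(":")]
    if any(not 1 <= p <= 65535 for p in parts):
        return f"{text!r} is outside 1-65535"
    if len(parts) == 2 and parts[0] > parts[1]:
        return f"{text!r} has low > high"
    return None


def validate_rules(rules):
    """Check every dport_accept rule; returns a list of (rule index, error) tuples."""
    errors = []
    for i, rule in enumerate(rules):
        if rule.get("type") != "dport_accept":
            continue
        for port in rule.get("dport", []):
            err = validate_dport(port)
            if err:
                errors.append((i, err))
    return errors


def stale_rule_files(existing_names, expected_names):
    """Files present in filter-input.d that the current rule list does not produce."""
    return sorted(set(existing_names) - set(expected_names))


# Constructed rules mirroring the two versions in the report.
BROKEN_RULES = [{"type": "dport_accept", "dport": ["mosh"], "protocol": "udp"}]
FIXED_RULES = [{"type": "dport_accept", "dport": ["60000:61000"], "protocol": "udp"}]

# Constructed directory listing: the stale file from the report plus one still in use.
ON_DISK = ["50_dport_accept_mosh.conf", "50_dport_accept_22.conf"]
EXPECTED = ["50_dport_accept_22.conf"]  # assumed to come from the current ferm_input_list

if __name__ == "__main__":
    print(validate_rules(BROKEN_RULES))          # one error for 'mosh'
    print(validate_rules(FIXED_RULES))           # []
    print(stale_rule_files(ON_DISK, EXPECTED))   # ['50_dport_accept_mosh.conf']
```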