
Merge pull request #1461 from gravitl/bugfix_v0.14.7_nft

flush tables vice delete rules for nft
Matthew R Kasun 3 years ago
parent
commit
18f686b4a0
2 changed files with 6 additions and 10 deletions
  1. 4 6
      logic/gateway.go
  2. 2 4
      netclient/ncutils/netclientutils.go

+ 4 - 6
logic/gateway.go

@@ -294,9 +294,8 @@ func firewallNFTCommandsCreateIngress(networkInterface string) (string, string)
 	postUp += "nft add rule ip nat POSTROUTING oifname " + networkInterface + " counter masquerade"
 
 	// doesn't remove potentially empty tables or chains
-	postDown := "nft delete rule ip filter FORWARD iifname " + networkInterface + " counter accept ; "
-	postDown += "nft delete rule ip filter FORWARD oifname " + networkInterface + " counter accept ; "
-	postDown += "nft delete rule ip nat POSTROUTING oifname " + networkInterface + " counter masquerade"
+	postDown := "nft flush table filter; "
+	postDown += "nft flush table nat; "
 
 	return postUp, postDown
 }
@@ -308,15 +307,14 @@ func firewallNFTCommandsCreateEgress(networkInterface string, gatewayInterface s
 	postUp += "nft add rule ip filter FORWARD iifname " + networkInterface + " counter accept ; "
 	postUp += "nft add rule ip filter FORWARD oifname " + networkInterface + " counter accept ; "
 
-	postDown := "nft delete rule ip filter FORWARD iifname " + networkInterface + " counter accept ; "
-	postDown += "nft delete rule ip filter FORWARD oifname " + networkInterface + " counter accept ; "
+	postDown := "nft flush table filter; "
 
 	if egressNatEnabled == "yes" {
 		postUp += "nft add table nat ; "
 		postUp += "nft add chain nat POSTROUTING ; "
 		postUp += "nft add rule ip nat POSTROUTING oifname " + gatewayInterface + " counter masquerade ;"
 
-		postDown += "nft delete rule ip nat POSTROUTING oifname " + gatewayInterface + " counter masquerade ;"
+		postDown += "nft flush table nat; "
 	}
 
 	return postUp, postDown
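Review bot: The new ingress postDown `nft flush table filter; ` (and the egress one further down) removes every rule in the ip filter table, not just the FORWARD accept rules the matching postUp added, so bringing one gateway down also strips rules placed there by another gateway on the same host or by the administrator — including any INPUT/OUTPUT rules kept in that table; `nft flush table nat; ` does the same to every masquerade rule in nat. Narrowing the teardown to the chains this code actually populates, `nft flush chain ip filter FORWARD; ` and `nft flush chain ip nat POSTROUTING; `, keeps the blast radius to those chains and names the family explicitly as the postUp lines do, though rules from a co-hosted gateway in those chains are still lost until teardown deletes by handle. The comment above the ingress postDown no longer matches the behaviour; suggest `// teardown flushes every rule in the filter/nat tables used above (not only ours); empty tables and chains are left in place`. Both firewallNFTCommandsCreateIngress and firewallNFTCommandsCreateEgress begin before their hunks.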

+ 2 - 4
netclient/ncutils/netclientutils.go

@@ -113,9 +113,7 @@ func GetWireGuard() string {
 // IsNFTablesPresent - returns true if nftables is present, false otherwise.
 // Does not consider OS, up to the caller to determine if the OS supports nftables/whether this check is valid.
 func IsNFTablesPresent() bool {
-	var nftFound bool
-
-	nftFound = FileExists("/usr/sbin/nft")
+	nftFound := FileExists("/usr/sbin/nft")
 	logger.Log(3, "nftables found:", strconv.FormatBool(nftFound))
 	return nftFound
 }
@@ -243,7 +241,7 @@ func GetLocalIP(localrange string) (string, error) {
 	return local, nil
 }
 
-//GetNetworkIPMask - Pulls the netmask out of the network
+// GetNetworkIPMask - Pulls the netmask out of the network
 func GetNetworkIPMask(networkstring string) (string, string, error) {
 	ip, ipnet, err := net.ParseCIDR(networkstring)
 	if err != nil {
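Review bot: IsNFTablesPresent still decides from the fixed path `/usr/sbin/nft`, so the simplified `nftFound := FileExists("/usr/sbin/nft")` reports false on distributions that install nft under another prefix and true for a leftover non-executable file; the commit only changes the declaration form. If os/exec is acceptable in ncutils, `_, err := exec.LookPath("nft")` followed by `nftFound := err == nil` honours PATH and checks executability, which is closer to what the log line claims. The GetNetworkIPMask hunk is a comment-only fix and needs nothing further.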