You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: azure-iptables-monitor/README.md
+1Lines changed: 1 addition & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -34,6 +34,7 @@ Follow the steps below to build and run the program:
34
34
- The `-ipv6` flag enables IPv6 ip6tables monitoring using the IPv6 allowlists. Default: `false`
35
35
- The `-checkMap` flag enables checking the pinned bpf map specified in mapPath for increases. Default: `false`
36
36
- The `-mapPath` flag specifies the pinned bpf map path to check. Default: `/azure-block-iptables-bpf-map/iptables_block_event_counter`
37
+
- The `-terminateOnSuccess` flag, when set, will exit the program once there are no longer user iptables rules detected. Default: `false`
37
38
- The program must be in a k8s environment and `NODE_NAME` must be a set environment variable with the current node.
38
39
39
40
5. The program will set the `kubernetes.azure.com/user-iptables-rules` label to `true` on the specified ciliumnode resource if unexpected rules are found, or `false`if all rules match expected patterns. Proper RBAC is required for patching (patch for ciliumnodes, create for events, get for nodes).
0 commit comments