Add iptables rules for accessing tunneled services from node (#682)

bazuchan · murali-reddy · commit 70969a3ad7f2 · 2019-03-10T15:11:51.000+05:30
diff --git a/pkg/controllers/proxy/network_services_controller.go b/pkg/controllers/proxy/network_services_controller.go
@@ -2026,6 +2026,10 @@ func setupMangleTableRule(ip string, protocol string, port string, fwmark string
 	if err != nil {
 		return errors.New("Failed to run iptables command to set up FWMARK due to " + err.Error())
 	}
+	err = iptablesCmdHandler.AppendUnique("mangle", "OUTPUT", args...)
+	if err != nil {
+		return errors.New("Failed to run iptables command to set up FWMARK due to " + err.Error())
+	}
 	return nil
 }
 
@@ -2045,6 +2049,16 @@ func (ln *linuxNetworking) cleanupMangleTableRule(ip string, protocol string, po
 			return errors.New("Failed to cleanup iptables command to set up FWMARK due to " + err.Error())
 		}
 	}
+	exists, err = iptablesCmdHandler.Exists("mangle", "OUTPUT", args...)
+	if err != nil {
+		return errors.New("Failed to cleanup iptables command to set up FWMARK due to " + err.Error())
+	}
+	if exists {
+		err = iptablesCmdHandler.Delete("mangle", "OUTPUT", args...)
+		if err != nil {
+			return errors.New("Failed to cleanup iptables command to set up FWMARK due to " + err.Error())
+		}
+	}
 
 	return nil
 }

Original file line number	Diff line number	Diff line change
`@@ -2026,6 +2026,10 @@ func setupMangleTableRule(ip string, protocol string, port string, fwmark string`
`2026`	`2026`	`if err != nil {`
`2027`	`2027`	`return errors.New("Failed to run iptables command to set up FWMARK due to " + err.Error())`
`2028`	`2028`	`}`
	`2029`	`+ err = iptablesCmdHandler.AppendUnique("mangle", "OUTPUT", args...)`
	`2030`	`+ if err != nil {`
	`2031`	`+ return errors.New("Failed to run iptables command to set up FWMARK due to " + err.Error())`
	`2032`	`+ }`
`2029`	`2033`	`return nil`
`2030`	`2034`	`}`
`2031`	`2035`
`@@ -2045,6 +2049,16 @@ func (ln *linuxNetworking) cleanupMangleTableRule(ip string, protocol string, po`
`2045`	`2049`	`return errors.New("Failed to cleanup iptables command to set up FWMARK due to " + err.Error())`
`2046`	`2050`	`}`
`2047`	`2051`	`}`
	`2052`	`+ exists, err = iptablesCmdHandler.Exists("mangle", "OUTPUT", args...)`
	`2053`	`+ if err != nil {`
	`2054`	`+ return errors.New("Failed to cleanup iptables command to set up FWMARK due to " + err.Error())`
	`2055`	`+ }`
	`2056`	`+ if exists {`
	`2057`	`+ err = iptablesCmdHandler.Delete("mangle", "OUTPUT", args...)`
	`2058`	`+ if err != nil {`
	`2059`	`+ return errors.New("Failed to cleanup iptables command to set up FWMARK due to " + err.Error())`
	`2060`	`+ }`
	`2061`	`+ }`
`2048`	`2062`
`2049`	`2063`	`return nil`
`2050`	`2064`	`}`