

delete nftables v6 rules
hellt committed Jan 16, 2025
1 parent 9c4a654 commit a2bbf00
Showing 1 changed file with 9 additions and 3 deletions.
12 changes: 9 additions & 3 deletions runtime/docker/firewall/nftables/client.go
Expand Up @@ -58,15 +58,21 @@ func (c *NftablesClient) DeleteForwardingRules() error {
return nil
}

// first check if a rule already exists to not create duplicates
defer c.close()

rules, err := c.getRules(definitions.DockerFWUserChain, definitions.DockerFWTable, nftables.TableFamilyIPv4)
v4rules, err := c.getRules(definitions.DockerFWUserChain, definitions.DockerFWTable, nftables.TableFamilyIPv4)
if err != nil {
return fmt.Errorf("%w. See http://containerlab.dev/manual/network/#external-access", err)
}

mgmtBrRules := c.getRulesForMgmtBr(c.bridgeName, rules)
v6rules, err := c.getRules(definitions.DockerFWUserChain, definitions.DockerFWTable, nftables.TableFamilyIPv6)
if err != nil {
return fmt.Errorf("%w. See http://containerlab.dev/manual/network/#external-access", err)
}

v4v6rules := append(v4rules, v6rules...)

mgmtBrRules := c.getRulesForMgmtBr(c.bridgeName, v4v6rules)
if len(mgmtBrRules) == 0 {
log.Debug("external access iptables rule doesn't exist. Skipping deletion")
return nil
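Review bot: With the second getRules call, a failed IPv6 lookup now aborts the whole deletion, so the IPv4 forwarding rule on the management bridge stays in place whenever the ip6 lookup errors; whether getRules errors on a host whose docker nftables setup has no IPv6 table cannot be seen from this hunk, but if it does, the v6 error should be logged and treated as an empty rule set rather than returned, since a stale external-access rule is worse than a missed v6 cleanup. The two error returns are also word-for-word identical, so a log line cannot tell which family failed; wrapping with the family, e.g. `return fmt.Errorf("reading IPv6 rules: %w. See http://containerlab.dev/manual/network/#external-access", err)` (and the IPv4 counterpart), makes the message actionable. `v4v6rules := append(v4rules, v6rules...)` may write into v4rules's backing array when it has spare capacity; `v4v6rules := slices.Concat(v4rules, v6rules)` (Go 1.22+) or a fresh `make` plus two appends avoids the aliasing and the appendAssign lint. DeleteForwardingRules starts and ends outside the hunk.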
