don't masquerade services or pod traffic

aojea · Jun 8, 2024 · 1aa2359 · 1aa2359
1 parent b6756b9
commit 1aa2359
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/pkg/dataplane/controller.go b/pkg/dataplane/controller.go
@@ -235,6 +235,11 @@ func (c *Controller) syncRules(ctx context.Context) {
 				SetName:        apis.PodRangesV4Set,
 				Invert:         true,
 			},
+			&expr.Lookup{
+				SourceRegister: 1,
+				SetName:        apis.ServiceIPsV4Set,
+				Invert:         true,
+			},
 			// [ masq flags 0x10 ]
 			&expr.Masq{
 				FullyRandom: true,
@@ -293,6 +298,11 @@ func (c *Controller) syncRules(ctx context.Context) {
 				SetName:        apis.PodRangesV6Set,
 				Invert:         true,
 			},
+			&expr.Lookup{
+				SourceRegister: 1,
+				SetName:        apis.ServiceIPsV6Set,
+				Invert:         true,
+			},
 			// [ masq flags 0x10 ]
 			&expr.Masq{
 				FullyRandom: true,