Skip to content

Commit

Permalink
refactor: remove duplicated iptables subnet forward rules
Browse files Browse the repository at this point in the history
The ipset based iptables rules have already did the work.

Signed-off-by: oilbeater <[email protected]>
  • Loading branch information
oilbeater committed Dec 20, 2024
1 parent 6478007 commit 3169bff
Showing 1 changed file with 1 addition and 40 deletions.
41 changes: 1 addition & 40 deletions pkg/daemon/gateway_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -731,46 +731,7 @@ func (c *Controller) setIptables() error {
)
}
}
_, subnetCidrs, err := c.getDefaultVpcSubnetsCIDR(protocol)
if err != nil {
klog.Errorf("get subnets failed, %+v", err)
return err
}

for name, subnetCidr := range subnetCidrs {
iptablesRules = append(iptablesRules,
util.IPTableRule{Table: "filter", Chain: "FORWARD", Rule: strings.Fields(fmt.Sprintf(`-m comment --comment %s,%s -s %s`, util.OvnSubnetGatewayIptables, name, subnetCidr))},
util.IPTableRule{Table: "filter", Chain: "FORWARD", Rule: strings.Fields(fmt.Sprintf(`-m comment --comment %s,%s -d %s`, util.OvnSubnetGatewayIptables, name, subnetCidr))},
)
}

rules, err := ipt.List("filter", "FORWARD")
if err != nil {
klog.Errorf(`failed to list iptables rule table "filter" chain "FORWARD" with err %v `, err)
return err
}

for _, rule := range rules {
if !strings.Contains(rule, util.OvnSubnetGatewayIptables) {
continue
}

var inUse bool
for name := range subnetCidrs {
if slices.Contains(util.DoubleQuotedFields(rule), fmt.Sprintf("%s,%s", util.OvnSubnetGatewayIptables, name)) {
inUse = true
break
}
}

if !inUse {
// rule[11:] skip "-A FORWARD "
if err = deleteIptablesRule(ipt, util.IPTableRule{Table: "filter", Chain: "FORWARD", Rule: util.DoubleQuotedFields(rule[11:])}); err != nil {
klog.Error(err)
return err
}
}
}

var natPreroutingRules, natPostroutingRules, ovnMasqueradeRules, manglePostroutingRules []util.IPTableRule
for _, rule := range iptablesRules {
if rule.Table == NAT {
Expand Down

0 comments on commit 3169bff

Please sign in to comment.