
pkg/mesh/routes.go: forward private IPs and allowed location IPs

If `iptables-allow-forwad` is true, we should also forward packets
to and from the private IPs and allowed location IPs of the location.

Signed-off-by: leonnicolas <leonloechner@gmx.de>
leonnicolas hace 4 años
padre
commit
c59ac10e15
Se han modificado 1 ficheros con 11 adiciones y 0 borrados
  1. 11 0
      pkg/mesh/routes.go

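--- a/pkg/mesh/routes.go
+++ b/pkg/mesh/routes.go
@@ -256,10 +256,21 @@ func (t *Topology) Rules(cni, iptablesForwardRule bool) []iptables.Rule {
 		if iptablesForwardRule && t.leader {
 			for _, s := range t.segments {
 				if t.location == s.location {
+					// Make sure packets to and from pod cidrs are not dropped in the forward chain.
 					for _, c := range s.cidrs {
 						rules = append(rules, iptables.NewRule(iptables.GetProtocol(len(c.IP)), "filter", "FORWARD", "-m", "comment", "--comment", "Kilo: forward packets from the pod subnet", "-s", c.String(), "-j", "ACCEPT"))
 						rules = append(rules, iptables.NewRule(iptables.GetProtocol(len(c.IP)), "filter", "FORWARD", "-m", "comment", "--comment", "Kilo: forward packets to the pod subnet", "-d", c.String(), "-j", "ACCEPT"))
 					}
+					// Make sure packets to and from allowed location IPs are not dropped in the forward chain.
+					for _, c := range s.allowedLocationIPs {
+						rules = append(rules, iptables.NewRule(iptables.GetProtocol(len(c.IP)), "filter", "FORWARD", "-m", "comment", "--comment", "Kilo: forward packets from allowed location IPs", "-s", c.String(), "-j", "ACCEPT"))
+						rules = append(rules, iptables.NewRule(iptables.GetProtocol(len(c.IP)), "filter", "FORWARD", "-m", "comment", "--comment", "Kilo: forward packets to allowed location IPs", "-d", c.String(), "-j", "ACCEPT"))
+					}
+					// Make sure packets to and from private IPs are not dropped in the forward chain.
+					for _, c := range s.privateIPs {
+						rules = append(rules, iptables.NewRule(iptables.GetProtocol(len(c)), "filter", "FORWARD", "-m", "comment", "--comment", "Kilo: forward packets from private IPs", "-s", oneAddressCIDR(c).String(), "-j", "ACCEPT"))
+						rules = append(rules, iptables.NewRule(iptables.GetProtocol(len(c)), "filter", "FORWARD", "-m", "comment", "--comment", "Kilo: forward packets to private IPs", "-d", oneAddressCIDR(c).String(), "-j", "ACCEPT"))
+					}
 				}
 			}
 		} else if iptablesForwardRule {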
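Review bot: The new ACCEPT rules for allowedLocationIPs and privateIPs match on source or destination address only, with no `-i`/`-o` interface match, so any forwarded packet to or from those addresses is accepted on every interface of the leader; that mirrors the existing pod-subnet rules, but it widens what the FORWARD chain lets through and deserves saying explicitly, e.g. above the first new loop: `// These rules match on address only (no interface match), so forwarding to and from these IPs is accepted on any interface; they are only installed on the location leader.` The protocol selection for privateIPs uses `len(c)` on the bare IP rather than `len(c.IP)` on a network as the other loops do; if GetProtocol picks the family from the byte length, an IPv4 address stored in 16-byte form would be treated as IPv6, so it is worth confirming that privateIPs is normalised with To4() upstream (presumably it is, since the pod-cidr loop relies on the same convention). The three loops are near-identical apart from the comment text and the address-to-string conversion; a small helper taking the CIDR string and the rule comment would reduce the duplication, but that is a style point. The enclosing Rules method starts before and continues past this hunk.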