From 2ca39f14f88686ceb55b8337f57d84b47f2864be Mon Sep 17 00:00:00 2001
From: Aaron U'Ren
Date: Thu, 2 Dec 2021 19:06:43 -0600
Subject: [PATCH] fix(nsc): properly check hairpinning rule

Previously, we would iterate over rulesFromNode, but then check it against the entirety of the rulesNeeded hash. This resulted in the loop breaking as soon as it found any matching rule from the host rather than it breaking if it matched the rule that we were currently processing.
---
 pkg/controllers/proxy/network_services_controller.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/controllers/proxy/network_services_controller.go b/pkg/controllers/proxy/network_services_controller.go
index bd9e7210..780371e1 100644
--- a/pkg/controllers/proxy/network_services_controller.go
+++ b/pkg/controllers/proxy/network_services_controller.go
@@ -1423,11 +1423,11 @@ func (nsc *NetworkServicesController) syncHairpinIptablesRules() error {
 }

 // Apply the rules we need
- for _, ruleArgs := range rulesNeeded {
+ for rule, ruleArgs := range rulesNeeded {
 ruleExists := false
 for _, ruleFromNode := range rulesFromNode {
- _, ruleExists = rulesNeeded[ruleFromNode]
- if ruleExists {
+ if rule == ruleFromNode {
+ ruleExists = true
 break
 }
 }
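Review bot: The new test `rule == ruleFromNode` is an exact string comparison, so it only holds while every key of `rulesNeeded` is byte-for-byte the text that the node listing puts in `rulesFromNode`; neither construction is visible in this hunk, so the assumption should be recorded beside the loop, e.g. `// keys of rulesNeeded must use the same textual form as the entries of rulesFromNode`. If the two forms ever drift (quoting, argument order), `ruleExists` stays false for every needed rule on every sync, which is as quiet a failure as the one this commit fixes. The diffstat shows only this file changed, so a regression test for a node that already holds some but not all of the needed hairpin rules would be worth adding. The inner scan could also be written as `slices.Contains(rulesFromNode, rule)` if the module's Go version allows it. The body of syncHairpinIptablesRules continues outside the hunk.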