mirrors/kube-router
1
0
Fork 0
mirror of https://github.com/cloudnativelabs/kube-router.git synced 2025-10-08 08:21:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

network policy: use 'addrtype' module and --src-type=LOCAL to match local traffic

Browse Source
This commit is contained in:
Murali Reddy 2017-10-16 02:06:54 +05:30
parent 665e6676b2
commit 84741b6a5e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/network_policy_controller.go
View File

@ -605,7 +605,7 @@ func (npc *NetworkPolicyController) syncPodFirewallChains() (map[string]bool, er
activePodFwChains[podFwChainName] = true activePodFwChains[podFwChainName] = true
comment := "rule to permit the traffic traffic to pods when source is the pod's local node" comment := "rule to permit the traffic traffic to pods when source is the pod's local node"
args := []string{"-m", "comment", "--comment", comment, "-s", npc.nodeIP.String(), "-d", pod.ip, "-j", "ACCEPT"} args := []string{"-m", "comment", "--comment", comment, "-m", "addrtype", "--src-type", "LOCAL", "-d", pod.ip, "-j", "ACCEPT"}
exists, err := iptablesCmdHandler.Exists("filter", podFwChainName, args...) exists, err := iptablesCmdHandler.Exists("filter", podFwChainName, args...)
if err != nil { if err != nil {
return nil, fmt.Errorf("Failed to run iptables command: %s", err.Error()) return nil, fmt.Errorf("Failed to run iptables command: %s", err.Error())