mirror of
https://github.com/cloudnativelabs/kube-router.git
synced 2025-10-05 15:01:04 +02:00
* prevent host services from being accessible through service IPs

  - on startup create ipsets and firewall rules
  - on sync update ipsets
  - on cleanup remove firewall rules and ipsets

  Fixes #282.

  Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>

* ensure iptables rules are also available during cleanup

  Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>

* first check if chain exists

  Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>

* err not a new variable

  Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>

* more redeclared vars

  Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>

* maintain an ipset for local addresses and exclude those from our default deny rule

  Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>

* copy/paste errors

  Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>