mirror of
https://github.com/cloudnativelabs/kube-router.git
synced 2025-10-06 07:21:03 +02:00
8bcd166c4c
For very busy tcp connections there is a small possibility to receive a TCP RST during the iptables sync. A default `REJECT` rule is chronologically added before the allow-`RELATED,ESTABLISHED` rule for ingress and egress connections. In between of the creation of these two rules a connection reset can happen for already established connections. This commits swaps the order of rule insertion.