From 0c73ed60f4fa3e2dfef4a6d22ba1b8f6d2612772 Mon Sep 17 00:00:00 2001
From: Paulo Nascimento
Date: Sat, 20 Mar 2021 18:23:32 -0300
Subject: [PATCH] Cleaned up rule logs
---
 pkg/mesh/mesh.go | 2 +-
 pkg/mesh/routes.go | 16 ++--------------
 2 files changed, 3 insertions(+), 15 deletions(-)
diff --git a/pkg/mesh/mesh.go b/pkg/mesh/mesh.go
index 0ff1fd1..64eec75 100644
--- a/pkg/mesh/mesh.go
+++ b/pkg/mesh/mesh.go
@@ -489,7 +489,7 @@ func (m *Mesh) applyTopology() {
 m.errorCounter.WithLabelValues("apply").Inc()
 return
 }
- ipRules := t.Rules(m.cni, m.logger)
+ ipRules := t.Rules(m.cni)
 // If we are handling local routes, ensure the local
 // tunnel has an IP address and IPIP traffic is allowed.
 if m.enc.Strategy() != encapsulation.Never && m.local {
diff --git a/pkg/mesh/routes.go b/pkg/mesh/routes.go
index 8d23df9..04a7812 100644
--- a/pkg/mesh/routes.go
+++ b/pkg/mesh/routes.go
@@ -17,8 +17,6 @@ package mesh
 import (
- "github.com/go-kit/kit/log"
- "github.com/go-kit/kit/log/level"
 "net"
 "github.com/vishvananda/netlink"
@@ -222,7 +220,7 @@ func encapsulateRoute(route *netlink.Route, encapsulate encapsulation.Strategy,
 }
 // Rules returns the iptables rules required by the local node.
-func (t *Topology) Rules(cni bool, logger log.Logger) []iptables.Rule {
+func (t *Topology) Rules(cni bool) []iptables.Rule {
 var rules []iptables.Rule
 rules = append(rules, iptables.NewIPv4Chain("nat", "KILO-NAT"))
 rules = append(rules, iptables.NewIPv6Chain("nat", "KILO-NAT"))
@@ -232,17 +230,7 @@ func (t *Topology) Rules(cni bool, logger log.Logger) []iptables.Rule {
 for _, s := range t.segments {
 rules = append(rules, iptables.NewRule(iptables.GetProtocol(len(s.wireGuardIP)), "nat", "KILO-NAT", "-d", oneAddressCIDR(s.wireGuardIP).String(), "-m", "comment", "--comment", "Kilo: do not NAT packets destined for WireGuared IPs", "-j", "RETURN"))
 for _, aip := range s.allowedIPs {
- var proto = iptables.GetProtocol(len(aip.IP))
-
- rules = append(rules, iptables.NewRule(proto, "nat", "KILO-NAT", "-d", aip.String(), "-m", "comment", "--comment", "Kilo: do not NAT packets destined for known IPs", "-j", "RETURN"))
-
- var protocolName = "ipv4"
-
- if proto == iptables.ProtocolIPv6 {
- protocolName = "ipv6"
- }
-
- level.Debug(logger).Log("msg", "Firewall NAT rule created.", "AIP", aip, "Protocol", protocolName)
+ rules = append(rules, iptables.NewRule(iptables.GetProtocol(len(aip.IP)), "nat", "KILO-NAT", "-d", aip.String(), "-m", "comment", "--comment", "Kilo: do not NAT packets destined for known IPs", "-j", "RETURN"))
 }
 }
 for _, p := range t.peers {
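Review bot: The added allowed-IP rule on the `+` line is a near-verbatim copy of the segment rule two context lines above it; only the IP the protocol is derived from, the destination and the comment string differ, so the two long `iptables.NewRule(...)` calls (and presumably the peer rules in the loop that starts at the hunk's last line) would read better through one small helper. A `noNATRule(ip net.IP, dst, comment string) iptables.Rule` that wraps the shared `"nat", "KILO-NAT", "-d", ..., "-m", "comment", "--comment", ..., "-j", "RETURN"` argument list keeps the RETURN semantics in one place, which matters because these rules are what exempts known destinations from NAT. While touching these lines, the segment rule's comment string reads `WireGuared`; that text is what operators see in `iptables -S` output and is worth correcting. Rules continues past the end of the hunk, so the peer loop body is not visible here.
```go
// noNATRule returns a KILO-NAT rule that exempts traffic destined for dst from NAT.
func noNATRule(ip net.IP, dst, comment string) iptables.Rule {
	return iptables.NewRule(iptables.GetProtocol(len(ip)), "nat", "KILO-NAT", "-d", dst, "-m", "comment", "--comment", comment, "-j", "RETURN")
}

// … unchanged: chain creation at the top of Rules …
	for _, s := range t.segments {
		rules = append(rules, noNATRule(s.wireGuardIP, oneAddressCIDR(s.wireGuardIP).String(), "Kilo: do not NAT packets destined for WireGuared IPs"))
		for _, aip := range s.allowedIPs {
			rules = append(rules, noNATRule(aip.IP, aip.String(), "Kilo: do not NAT packets destined for known IPs"))
		}
	}
// … unchanged: peer loop …
```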