adelorenzo/kilo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

BUG: iptables rules

Browse Source 
Add default iptables to allow forward traffic from and to pod cidr.

Previously Kilo expected the default behaviour of the forward chain to
accept packets, which can not be guaranteed.
This commit is contained in:
leonnicolas
2021-01-29 19:56:15 +01:00
parent 27ca2d4b17
commit 448f618c60
2 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/mesh/mesh.go
View File

@@ -484,10 +484,7 @@ func (m *Mesh) applyTopology() {
m.errorCounter.WithLabelValues("apply").Inc()
return
}
var ipRules []iptables.Rule
if m.cni {
ipRules = append(ipRules, t.Rules(m.cni)...)
}
ipRules := t.Rules(m.cni)
// If we are handling local routes, ensure the local
// tunnel has an IP address and IPIP traffic is allowed.
if m.enc.Strategy() != encapsulation.Never && m.local {