Log firewall rule call

2021-03-20 18:02:01 -03:00 · 2021-03-20 18:02:01 -03:00 · 5033bd2607
commit 5033bd2607
parent 7266ca8f22
2 changed files with 14 additions and 6 deletions
--- a/pkg/iptables/iptables.go
+++ b/pkg/iptables/iptables.go
@ -362,9 +362,19 @@ func (c *Controller) Set(rules []Rule) error {
 			}
 		}
 		if i >= len(c.rules) {
-			if err := rules[i].Add(c.client(rules[i].Proto())); err != nil {
+			var proto = rules[i].Proto()
+
+			var protocolName = "ipv4"
+
+			if proto == ProtocolIPv6 {
+				protocolName = "ipv6"
+			}
+
+			level.Debug(c.logger).Log("msg", "Applying Firewall Rule...", "Rule", c.rules[i].String(), "Protocol", protocolName)
+			if err := rules[i].Add(c.client(proto)); err != nil {
 				return fmt.Errorf("failed to add rule: %v", err)
 			}
+			level.Debug(c.logger).Log("msg", "Firewall Rule applied.", "Rule", c.rules[i].String(), "Protocol", protocolName)
 			c.rules = append(c.rules, rules[i])
 		}

--- a/pkg/mesh/routes.go
+++ b/pkg/mesh/routes.go
@ -234,17 +234,15 @@ func (t *Topology) Rules(cni bool, logger log.Logger) []iptables.Rule {
 		for _, aip := range s.allowedIPs {
 			var proto = iptables.GetProtocol(len(aip.IP))

+			rules = append(rules, iptables.NewRule(proto, "nat", "KILO-NAT", "-d", aip.String(), "-m", "comment", "--comment", "Kilo: do not NAT packets destined for known IPs", "-j", "RETURN"))
+
 			var protocolName = "ipv4"

 			if proto == iptables.ProtocolIPv6 {
 				protocolName = "ipv6"
 			}

-			level.Debug(logger).Log("msg", "Applying Firewall Rules...", "IP len", len(aip.IP), "AIP", aip, "Protocol", protocolName)
-
-			rules = append(rules, iptables.NewRule(iptables.ProtocolIPv4, "nat", "KILO-NAT", "-d", aip.String(), "-m", "comment", "--comment", "Kilo: do not NAT packets destined for known IPs", "-j", "RETURN"))
-
-			level.Debug(logger).Log("msg", "Firewall Rules applied.", "AIP", aip, "Protocol", proto)
+			level.Debug(logger).Log("msg", "Firewall NAT rule created.", "AIP", aip, "Protocol", protocolName)
 		}
 	}
 	for _, p := range t.peers {