From 5033bd26076f2fc55f9c7df211e703e00ab22745 Mon Sep 17 00:00:00 2001
From: Paulo Nascimento
Date: Sat, 20 Mar 2021 18:02:01 -0300
Subject: [PATCH] Log firewall rule call
---
 pkg/iptables/iptables.go | 12 +++++++++++-
 pkg/mesh/routes.go | 8 +++-----
 2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/pkg/iptables/iptables.go b/pkg/iptables/iptables.go
index 2bd535d..3115a4f 100644
--- a/pkg/iptables/iptables.go
+++ b/pkg/iptables/iptables.go
@@ -362,9 +362,19 @@ func (c *Controller) Set(rules []Rule) error {
 }
 }
 if i >= len(c.rules) {
- if err := rules[i].Add(c.client(rules[i].Proto())); err != nil {
+ var proto = rules[i].Proto()
+
+ var protocolName = "ipv4"
+
+ if proto == ProtocolIPv6 {
+ protocolName = "ipv6"
+ }
+
+ level.Debug(c.logger).Log("msg", "Applying Firewall Rule...", "Rule", c.rules[i].String(), "Protocol", protocolName)
+ if err := rules[i].Add(c.client(proto)); err != nil {
 return fmt.Errorf("failed to add rule: %v", err)
 }
+ level.Debug(c.logger).Log("msg", "Firewall Rule applied.", "Rule", c.rules[i].String(), "Protocol", protocolName)
 c.rules = append(c.rules, rules[i])
 }
diff --git a/pkg/mesh/routes.go b/pkg/mesh/routes.go
index db199d0..8d23df9 100644
--- a/pkg/mesh/routes.go
+++ b/pkg/mesh/routes.go
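Review bot: Both new debug lines in the iptables.go hunk index `c.rules[i]` inside the `if i >= len(c.rules)` branch, so `c.rules[i].String()` is out of range and will panic before the rule is ever applied; the rule being added is `rules[i]`, and the append to `c.rules` only happens after the second log call. Change both calls to `rules[i].String()` (assuming Rule exposes a String method, which the hunk does not show). The ipv4/ipv6 name mapping added here is duplicated in the routes.go hunk of this same commit; a String method on the protocol type would let both log sites pass `proto` directly instead of repeating the branch. `Set` begins and ends outside the hunk.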
@@ -234,17 +234,15 @@ func (t *Topology) Rules(cni bool, logger log.Logger) []iptables.Rule {
 for _, aip := range s.allowedIPs {
 var proto = iptables.GetProtocol(len(aip.IP))
+ rules = append(rules, iptables.NewRule(proto, "nat", "KILO-NAT", "-d", aip.String(), "-m", "comment", "--comment", "Kilo: do not NAT packets destined for known IPs", "-j", "RETURN"))
+
 var protocolName = "ipv4"
 if proto == iptables.ProtocolIPv6 {
 protocolName = "ipv6"
 }
- level.Debug(logger).Log("msg", "Applying Firewall Rules...", "IP len", len(aip.IP), "AIP", aip, "Protocol", protocolName)
-
- rules = append(rules, iptables.NewRule(iptables.ProtocolIPv4, "nat", "KILO-NAT", "-d", aip.String(), "-m", "comment", "--comment", "Kilo: do not NAT packets destined for known IPs", "-j", "RETURN"))
-
- level.Debug(logger).Log("msg", "Firewall Rules applied.", "AIP", aip, "Protocol", proto)
+ level.Debug(logger).Log("msg", "Firewall NAT rule created.", "AIP", aip, "Protocol", protocolName)
 }
 }
 for _, p := range t.peers {
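Review bot: The `NewRule` call in the routes.go hunk now passes `proto` where the removed line hard-coded `iptables.ProtocolIPv4`, which changes which address family receives the KILO-NAT RETURN rule for IPv6 allowed IPs; that is a functional change the commit title ("Log firewall rule call") does not mention. Name it in the commit message, or split it into its own commit, so anyone bisecting NAT behaviour can find it. If this is intended as the fix for IPv6 allowed IPs previously getting an IPv4-family rule (inferred, not shown here), a short comment on that line such as `// Match the rule's family to aip so IPv6 allowed IPs get an ip6tables rule.` would keep the intent visible. `Rules` begins and ends outside the hunk.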