Log firewall rule call

Paulo Nascimento
2021-03-20 18:02:01 -03:00
parent 7266ca8f22
commit 5033bd2607
2 changed files with 14 additions and 6 deletions


@@ -234,17 +234,15 @@ func (t *Topology) Rules(cni bool, logger log.Logger) []iptables.Rule {
for _, aip := range s.allowedIPs {
var proto = iptables.GetProtocol(len(aip.IP))
rules = append(rules, iptables.NewRule(proto, "nat", "KILO-NAT", "-d", aip.String(), "-m", "comment", "--comment", "Kilo: do not NAT packets destined for known IPs", "-j", "RETURN"))
var protocolName = "ipv4"
if proto == iptables.ProtocolIPv6 {
protocolName = "ipv6"
}
level.Debug(logger).Log("msg", "Applying Firewall Rules...", "IP len", len(aip.IP), "AIP", aip, "Protocol", protocolName)
rules = append(rules, iptables.NewRule(iptables.ProtocolIPv4, "nat", "KILO-NAT", "-d", aip.String(), "-m", "comment", "--comment", "Kilo: do not NAT packets destined for known IPs", "-j", "RETURN"))
level.Debug(logger).Log("msg", "Firewall Rules applied.", "AIP", aip, "Protocol", proto)
level.Debug(logger).Log("msg", "Firewall NAT rule created.", "AIP", aip, "Protocol", protocolName)
}
}
for _, p := range t.peers {