From 9b19bbe69c1528ed5a81a9edbe0c9ef4a9b489af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lucas=20Serv=C3=A9n=20Mar=C3=ADn?= <lserven@gmail.com>
Date: Mon, 11 May 2020 22:50:01 +0200
Subject: [PATCH] pkg/iptables: remove nil rules from list on error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previously, when `deleteFromIndex` exited early due to an error, nil
rules would be left in the controller's list of rules, which could
provoke a panic on the next reconciliation. This commit ensures that nil
rules are removed before an early exit.

Fixes: #51

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
---
 pkg/iptables/iptables.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/iptables/iptables.go b/pkg/iptables/iptables.go
index 91044cc..7b12886 100644
--- a/pkg/iptables/iptables.go
+++ b/pkg/iptables/iptables.go
@@ -280,6 +280,7 @@ func (c *Controller) deleteFromIndex(i int, rules *[]Rule) error {
 	}
 	for j := i; j < len(*rules); j++ {
 		if err := (*rules)[j].Delete(c.client((*rules)[j].Proto())); err != nil {
+			*rules = append((*rules)[:i], (*rules)[j:]...)
 			return fmt.Errorf("failed to delete rule: %v", err)
 		}
 		(*rules)[j] = nil