This commit adds a logger to the iptables controller using the options
pattern. It also logs when the controller needs to reset rules, to be
able to identify costly reconciliations.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>

This commit enables simultaneously managing IPv4 and IPv6 iptables
rules. This makes it possible to have peers with IPv6 allowed IPs in an
otherwise IPv4 stack and vice versa.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>

This commit cleans up the iptables package to allow other packages to
create rules.
This commit also removes all NAT from Kilo.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>

This commit takes a big step towards ensuring that iptables rules are
always kept in the correct order. Specifically, when re-setting a
ruleset, any time a rule is missing, that rule and all following rules
are re-added to ensure that from that index onwards all rules are in the
right order. Similarly, when reconciling an existing ruleset against the
backend, if a rule is missing, that rule and all following rules are
re-added.
This change does not guarantee that the order of rules in the backend
is correct. Unless an actor is modifying the order of rules in iptables,
all rules created by Kilo should now be kept in the correct order.
Fixes: #19
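
The ordering repair described in the last commit message, as an added Go example that is not Kilo's own code: the in-memory `chain` type, the `reconcile` function and the rule labels are hypothetical stand-ins for the iptables backend. The second case in `main` shows the limit the message states: a chain that was reordered with no rule missing is left as it is.

```go
package main

import "fmt"

// chain is a constructed in-memory stand-in for one iptables chain,
// where appended rules land at the end, as with `iptables -A`.
type chain []string

// index returns the position of rule in the chain, or -1 if it is absent.
func (c chain) index(rule string) int {
	for i, r := range c {
		if r == rule {
			return i
		}
	}
	return -1
}

// remove deletes rule from the chain if present.
func (c *chain) remove(rule string) {
	if i := c.index(rule); i >= 0 {
		*c = append((*c)[:i], (*c)[i+1:]...)
	}
}

// reconcile finds the first desired rule missing from the chain, then
// deletes and re-appends that rule and every rule after it, so the tail of
// the chain is back in the desired order. It returns the index of the first
// missing rule, or -1 if every rule was present (order is NOT checked).
func reconcile(c *chain, desired []string) int {
	for i, rule := range desired {
		if c.index(rule) >= 0 {
			continue
		}
		for _, r := range desired[i:] {
			c.remove(r) // no-op for the missing rule itself
			*c = append(*c, r)
		}
		return i
	}
	return -1
}

func main() {
	desired := []string{"rule-A", "rule-B", "rule-C", "rule-D"}
	c := chain{"rule-A", "rule-C", "rule-D"} // rule-B deleted out-of-band
	fmt.Println(reconcile(&c, desired), c)
	swapped := chain{"rule-A", "rule-C", "rule-B", "rule-D"} // nothing missing
	fmt.Println(reconcile(&swapped, desired), swapped)
}
```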