[lxc-devel] [lxd/master] Fix networkIptablesClear with missing ip{6}tables
stgraber on Github
lxc-bot at linuxcontainers.org
Mon Aug 21 04:52:43 UTC 2017
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 370 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170821/5fc355b6/attachment.bin>
-------------- next part --------------
From 1ec2aab643e51d212c8b7ecaabc810e573458d10 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 21 Aug 2017 00:51:48 -0400
Subject: [PATCH] Fix networkIptablesClear with missing ip{6}tables
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes #3688
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/networks_iptables.go | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/lxd/networks_iptables.go b/lxd/networks_iptables.go
index d493d72b5..e0ea7b0e6 100644
--- a/lxd/networks_iptables.go
+++ b/lxd/networks_iptables.go
@@ -2,6 +2,7 @@ package main
import (
"fmt"
+ "os/exec"
"strings"
"github.com/lxc/lxd/shared"
@@ -13,16 +14,22 @@ func networkIptablesPrepend(protocol string, netName string, table string, chain
cmd = "ip6tables"
}
+ _, err := exec.LookPath(cmd)
+ if err != nil {
+ return fmt.Errorf("Asked to setup %s firewalling but %s can't be found", protocol, cmd)
+ }
+
baseArgs := []string{"-w"}
- if table != "" {
- baseArgs = append(baseArgs, []string{"-t", table}...)
+ if table == "" {
+ table = "filter"
}
+ baseArgs = append(baseArgs, []string{"-t", table}...)
// Check for an existing entry
args := append(baseArgs, []string{"-C", chain}...)
args = append(args, rule...)
args = append(args, "-m", "comment", "--comment", fmt.Sprintf("generated for LXD network %s", netName))
- _, err := shared.RunCommand(cmd, args...)
+ _, err = shared.RunCommand(cmd, args...)
if err == nil {
return nil
}
@@ -51,10 +58,16 @@ func networkIptablesClear(protocol string, netName string, table string) error {
cmd = "ip6tables"
}
+ _, err := exec.LookPath(cmd)
+ if err != nil {
+ return nil
+ }
+
baseArgs := []string{"-w"}
- if table != "" {
- baseArgs = append(baseArgs, []string{"-t", table}...)
+ if table == "" {
+ table = "filter"
}
+ baseArgs = append(baseArgs, []string{"-t", table}...)
// List the rules
args := append(baseArgs, "-S")
More information about the lxc-devel
mailing list