[lxc-devel] [lxd/master] Fix networkIptablesClear with missing ip{6}tables

stgraber on Github lxc-bot at linuxcontainers.org
Mon Aug 21 04:52:43 UTC 2017


From 1ec2aab643e51d212c8b7ecaabc810e573458d10 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 21 Aug 2017 00:51:48 -0400
Subject: [PATCH] Fix networkIptablesClear with missing ip{6}tables
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #3688

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/networks_iptables.go | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/lxd/networks_iptables.go b/lxd/networks_iptables.go
index d493d72b5..e0ea7b0e6 100644
--- a/lxd/networks_iptables.go
+++ b/lxd/networks_iptables.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"fmt"
+	"os/exec"
 	"strings"
 
 	"github.com/lxc/lxd/shared"
@@ -13,16 +14,22 @@ func networkIptablesPrepend(protocol string, netName string, table string, chain
 		cmd = "ip6tables"
 	}
 
+	_, err := exec.LookPath(cmd)
+	if err != nil {
+		return fmt.Errorf("Asked to setup %s firewalling but %s can't be found", protocol, cmd)
+	}
+
 	baseArgs := []string{"-w"}
-	if table != "" {
-		baseArgs = append(baseArgs, []string{"-t", table}...)
+	if table == "" {
+		table = "filter"
 	}
+	baseArgs = append(baseArgs, []string{"-t", table}...)
 
 	// Check for an existing entry
 	args := append(baseArgs, []string{"-C", chain}...)
 	args = append(args, rule...)
 	args = append(args, "-m", "comment", "--comment", fmt.Sprintf("generated for LXD network %s", netName))
-	_, err := shared.RunCommand(cmd, args...)
+	_, err = shared.RunCommand(cmd, args...)
 	if err == nil {
 		return nil
 	}
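Review bot: The new `exec.LookPath(cmd)` guard discards both the resolved path and the lookup error, so the failure message cannot say why the binary was unusable, and the later `shared.RunCommand(cmd, args...)` presumably resolves `cmd` through PATH a second time. Including the cause, as in `return fmt.Errorf("Asked to setup %s firewalling but %s can't be found: %v", protocol, cmd, err)`, lets an operator tell a PATH problem in the daemon's environment from a missing package. The same lookup and `table = "filter"` defaulting are repeated in the networkIptablesClear hunk, so a small shared helper would keep the two in step. networkIptablesPrepend starts before this hunk and continues past it.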
@@ -51,10 +58,16 @@ func networkIptablesClear(protocol string, netName string, table string) error {
 		cmd = "ip6tables"
 	}
 
+	_, err := exec.LookPath(cmd)
+	if err != nil {
+		return nil
+	}
+
 	baseArgs := []string{"-w"}
-	if table != "" {
-		baseArgs = append(baseArgs, []string{"-t", table}...)
+	if table == "" {
+		table = "filter"
 	}
+	baseArgs = append(baseArgs, []string{"-t", table}...)
 
 	// List the rules
 	args := append(baseArgs, "-S")
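Review bot: Returning `nil` when `exec.LookPath(cmd)` fails makes networkIptablesClear report success without having checked anything. Rules tagged for this network would then stay in place if the binary is only absent from the daemon's PATH rather than from the host. For a firewall cleanup path, that silent skip deserves at least a log line naming `cmd` and `netName`, plus a comment on the early return such as `// ip{6}tables not in PATH: we could not have added rules, so there is nothing to clear`. The function begins before this hunk and continues after it.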

