[lxc-devel] [lxd/master] lxd/firewall/drivers/drivers/xtables: Wait for each iptables call before proceeding to next
tomponline on Github
lxc-bot at linuxcontainers.org
Thu May 28 00:10:37 UTC 2020
From 1c4e6ea0874e491d07b6ed35921613bb9ba64bbe Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 28 May 2020 01:08:57 +0100
Subject: [PATCH] lxd/firewall/drivers/drivers/xtables: Wait for each iptables
call before proceeding to next
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
lxd/firewall/drivers/drivers_xtables.go | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/lxd/firewall/drivers/drivers_xtables.go b/lxd/firewall/drivers/drivers_xtables.go
index 728161786e..d0822fb476 100644
--- a/lxd/firewall/drivers/drivers_xtables.go
+++ b/lxd/firewall/drivers/drivers_xtables.go
@@ -78,8 +78,7 @@ func (d Xtables) xtablesIsNftables(cmd string) bool {
// iptablesInUse returns whether the specified iptables backend command has any rules defined.
func (d Xtables) iptablesInUse(iptablesCmd string) bool {
- tables := []string{"filter", "nat", "mangle", "raw"}
- for _, table := range tables {
+ checkTable := func(table string) bool {
cmd := exec.Command(iptablesCmd, "-S", "-t", table)
stdout, err := cmd.StdoutPipe()
if err != nil {
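Review bot: The new `checkTable` closure at the top of iptablesInUse has no comment explaining why the loop body was moved into its own function, and the reason is not evident from the visible lines. If the intent, as the subject line suggests, is that each iptables process is waited on before the next one starts, a comment would record that, for example `// checkTable runs in its own function so each iptables process is waited on before the next table is checked.` The closure body continues outside this hunk, so how the wait is actually done cannot be confirmed from here.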
@@ -100,6 +99,15 @@ func (d Xtables) iptablesInUse(iptablesCmd string) bool {
return true
}
}
+
+ return false
+ }
+
+ tables := []string{"filter", "nat", "mangle", "raw"}
+ for _, table := range tables {
+ if checkTable(table) {
+ return true
+ }
}
return false
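Review bot: `checkTable` returns a bare bool, so the added `return false` at the end of the closure makes "this table has no rules" indistinguishable from any failure branch inside it that also returns false. The bodies of the `if err != nil` checks are outside the visible hunks, so this is an inference. If iptablesInUse is used to decide which firewall backend is active, a transient failure of `iptables -S` would be read as "not in use" without leaving any trace. Consider logging the error together with the table name in those branches, or having the closure return `(bool, error)`, so a failed probe is visible to the operator.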