Merge branch 'NET-1784' of https://github.com/gravitl/netclient into …
…NET-1784-nftables
abhishek9686 committed Dec 5, 2024
2 parents 2f5dbf9 + 95b58c6 commit 0a01d68
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions firewall/iptables_linux.go
Expand Up @@ -455,7 +455,7 @@ func (i *iptablesManager) InsertIngressRoutingRules(server string, ingressInfo m
continue
}
ruleSpec := []string{"-s", rule.SrcIP.String()}
if rule.AllowedProtocol.String() != "" {
if rule.AllowedProtocol.String() != "" && rule.AllowedProtocol != models.ALL {
ruleSpec = append(ruleSpec, "-p", rule.AllowedProtocol.String())
}
ruleSpec = append(ruleSpec, "--dport", port)
Expand All @@ -466,7 +466,7 @@ func (i *iptablesManager) InsertIngressRoutingRules(server string, ingressInfo m

} else {
ruleSpec := []string{"-s", rule.SrcIP.String()}
if rule.AllowedProtocol.String() != "" {
if rule.AllowedProtocol.String() != "" && rule.AllowedProtocol != models.ALL {
ruleSpec = append(ruleSpec, "-p", rule.AllowedProtocol.String())
}
ruleSpec = append(ruleSpec, "-j", "ACCEPT")
Expand Down Expand Up @@ -524,7 +524,7 @@ func (i *iptablesManager) AddAclRules(server string, aclRules map[string]models.
continue
}
ruleSpec := []string{"-s", strings.Join(allowedIps, ",")}
if aclRule.AllowedProtocol.String() != "" {
if aclRule.AllowedProtocol.String() != "" && aclRule.AllowedProtocol != models.ALL {
ruleSpec = append(ruleSpec, "-p", aclRule.AllowedProtocol.String())
}
ruleSpec = append(ruleSpec, "--dport", port)
Expand All @@ -535,7 +535,7 @@ func (i *iptablesManager) AddAclRules(server string, aclRules map[string]models.

} else {
ruleSpec := []string{"-s", strings.Join(allowedIps, ",")}
if aclRule.AllowedProtocol.String() != "" {
if aclRule.AllowedProtocol.String() != "" && aclRule.AllowedProtocol != models.ALL {
ruleSpec = append(ruleSpec, "-p", aclRule.AllowedProtocol.String())
}
ruleSpec = append(ruleSpec, "-j", "ACCEPT")
Expand Down Expand Up @@ -572,7 +572,7 @@ func (i *iptablesManager) AddAclRules(server string, aclRules map[string]models.
continue
}
ruleSpec := []string{"-s", strings.Join(allowedIps, ",")}
if aclRule.AllowedProtocol.String() != "" {
if aclRule.AllowedProtocol.String() != "" && aclRule.AllowedProtocol != models.ALL {
ruleSpec = append(ruleSpec, "-p", aclRule.AllowedProtocol.String())
}
ruleSpec = append(ruleSpec, "--dport", port)
Expand All @@ -583,7 +583,7 @@ func (i *iptablesManager) AddAclRules(server string, aclRules map[string]models.

} else {
ruleSpec := []string{"-s", strings.Join(allowedIps, ",")}
if aclRule.AllowedProtocol.String() != "" {
if aclRule.AllowedProtocol.String() != "" && aclRule.AllowedProtocol != models.ALL {
ruleSpec = append(ruleSpec, "-p", aclRule.AllowedProtocol.String())
}
ruleSpec = append(ruleSpec, "-j", "ACCEPT")
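Review bot: In the port branches (the hunks at @@ -455, @@ -524 and @@ -572), skipping `-p` when `AllowedProtocol` is `models.ALL` still leaves `ruleSpec = append(ruleSpec, "--dport", port)` in place, and iptables only accepts `--dport` together with a port-capable protocol such as `-p tcp` or `-p udp`. Such a rule will presumably be rejected at insert time, so the intended ACCEPT never lands; how that error is handled is not visible here, and both function bodies start and end outside the hunks. Dropping the port match instead would widen the rule to every port, so the safer shape is to expand ALL into one rule per port-capable protocol, e.g. loop `for _, proto := range []string{"tcp", "udp"}` and append `"-p", proto, "--dport", port`. The same gap exists when `AllowedProtocol.String()` is empty, which predates this commit. The condition is now repeated six times and would be easier to keep consistent as one small helper that returns the protocol arguments.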
