ignore all protocol
abhishek9686 committed Dec 5, 2024
1 parent cb5f152 commit 95b58c6
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions firewall/iptables_linux.go
@@ -510,7 +510,7 @@ func (i *iptablesManager) InsertIngressRoutingRules(server string, ingressInfo m
continue
}
ruleSpec := []string{"-s", rule.SrcIP.String()}
if rule.AllowedProtocol.String() != "" {
if rule.AllowedProtocol.String() != "" && rule.AllowedProtocol != models.ALL {
ruleSpec = append(ruleSpec, "-p", rule.AllowedProtocol.String())
}
ruleSpec = append(ruleSpec, "--dport", port)
@@ -521,7 +521,7 @@ func (i *iptablesManager) InsertIngressRoutingRules(server string, ingressInfo m

} else {
ruleSpec := []string{"-s", rule.SrcIP.String()}
if rule.AllowedProtocol.String() != "" {
if rule.AllowedProtocol.String() != "" && rule.AllowedProtocol != models.ALL {
ruleSpec = append(ruleSpec, "-p", rule.AllowedProtocol.String())
}
ruleSpec = append(ruleSpec, "-j", "ACCEPT")
@@ -614,7 +614,7 @@ func (i *iptablesManager) AddAclRules(server string, aclRules map[string]models.
continue
}
ruleSpec := []string{"-s", strings.Join(allowedIps, ",")}
if aclRule.AllowedProtocol.String() != "" {
if aclRule.AllowedProtocol.String() != "" && aclRule.AllowedProtocol != models.ALL {
ruleSpec = append(ruleSpec, "-p", aclRule.AllowedProtocol.String())
}
ruleSpec = append(ruleSpec, "--dport", port)
@@ -625,7 +625,7 @@ func (i *iptablesManager) AddAclRules(server string, aclRules map[string]models.

} else {
ruleSpec := []string{"-s", strings.Join(allowedIps, ",")}
if aclRule.AllowedProtocol.String() != "" {
if aclRule.AllowedProtocol.String() != "" && aclRule.AllowedProtocol != models.ALL {
ruleSpec = append(ruleSpec, "-p", aclRule.AllowedProtocol.String())
}
ruleSpec = append(ruleSpec, "-j", "ACCEPT")
@@ -662,7 +662,7 @@ func (i *iptablesManager) AddAclRules(server string, aclRules map[string]models.
continue
}
ruleSpec := []string{"-s", strings.Join(allowedIps, ",")}
if aclRule.AllowedProtocol.String() != "" {
if aclRule.AllowedProtocol.String() != "" && aclRule.AllowedProtocol != models.ALL {
ruleSpec = append(ruleSpec, "-p", aclRule.AllowedProtocol.String())
}
ruleSpec = append(ruleSpec, "--dport", port)
@@ -673,7 +673,7 @@ func (i *iptablesManager) AddAclRules(server string, aclRules map[string]models.

} else {
ruleSpec := []string{"-s", strings.Join(allowedIps, ",")}
if aclRule.AllowedProtocol.String() != "" {
if aclRule.AllowedProtocol.String() != "" && aclRule.AllowedProtocol != models.ALL {
ruleSpec = append(ruleSpec, "-p", aclRule.AllowedProtocol.String())
}
ruleSpec = append(ruleSpec, "-j", "ACCEPT")
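Review bot: In the three port-specific branches (the hunks at 510, 614 and 662) the rule spec can now end up as `-s … --dport <port>` with no `-p`, and iptables only accepts `--dport` after a protocol match that provides it, such as `-p tcp` or `-p udp`, so an `ALL` rule that carries ports would be rejected rather than inserted. Whether `models.ALL` can reach those branches with a non-empty port list is decided outside the visible lines, so this needs confirming against the enclosing loops; if it can, either leave `--dport` off for `ALL` or emit one rule each for tcp and udp, and make sure the insert error is surfaced, since a silently missing rule changes what the firewall actually permits. The same two-part condition is now repeated at six sites; a small helper that returns the `-p` arguments for a protocol would keep them from drifting apart. Both `InsertIngressRoutingRules` and `AddAclRules` start and end outside the hunks shown.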