From f52b8ac41274e23ee01d29b1bbb992b38b605868 Mon Sep 17 00:00:00 2001
From: oilbeater
Date: Fri, 20 Dec 2024 10:14:45 +0000
Subject: [PATCH] refactor: remove duplicated iptables subnet forward rules

The ipset based iptables rules have already did the work.

Signed-off-by: oilbeater
---
 pkg/daemon/gateway_linux.go | 41 +------------------------------------
 1 file changed, 1 insertion(+), 40 deletions(-)

diff --git a/pkg/daemon/gateway_linux.go b/pkg/daemon/gateway_linux.go
index a36286cb86d..da510d8bca7 100644
--- a/pkg/daemon/gateway_linux.go
+++ b/pkg/daemon/gateway_linux.go
@@ -731,46 +731,7 @@ func (c *Controller) setIptables() error {
 )
 }
 }
- _, subnetCidrs, err := c.getDefaultVpcSubnetsCIDR(protocol)
- if err != nil {
- klog.Errorf("get subnets failed, %+v", err)
- return err
- }
-
- for name, subnetCidr := range subnetCidrs {
- iptablesRules = append(iptablesRules,
- util.IPTableRule{Table: "filter", Chain: "FORWARD", Rule: strings.Fields(fmt.Sprintf(`-m comment --comment %s,%s -s %s`, util.OvnSubnetGatewayIptables, name, subnetCidr))},
- util.IPTableRule{Table: "filter", Chain: "FORWARD", Rule: strings.Fields(fmt.Sprintf(`-m comment --comment %s,%s -d %s`, util.OvnSubnetGatewayIptables, name, subnetCidr))},
- )
- }
-
- rules, err := ipt.List("filter", "FORWARD")
- if err != nil {
- klog.Errorf(`failed to list iptables rule table "filter" chain "FORWARD" with err %v `, err)
- return err
- }
-
- for _, rule := range rules {
- if !strings.Contains(rule, util.OvnSubnetGatewayIptables) {
- continue
- }
-
- var inUse bool
- for name := range subnetCidrs {
- if slices.Contains(util.DoubleQuotedFields(rule), fmt.Sprintf("%s,%s", util.OvnSubnetGatewayIptables, name)) {
- inUse = true
- break
- }
- }
-
- if !inUse {
- // rule[11:] skip "-A FORWARD "
- if err = deleteIptablesRule(ipt, util.IPTableRule{Table: "filter", Chain: "FORWARD", Rule: util.DoubleQuotedFields(rule[11:])}); err != nil {
- klog.Error(err)
- return err
- }
- }
- }
+ var natPreroutingRules, natPostroutingRules, ovnMasqueradeRules, manglePostroutingRules []util.IPTableRule
 for _, rule := range iptablesRules {
 if rule.Table == NAT {
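Review bot: Removing the stale-rule sweep together with the rule installation leaves FORWARD rules tagged with `util.OvnSubnetGatewayIptables` that earlier versions installed sitting in the filter table on nodes upgraded in place, because after this hunk nothing in setIptables lists or deletes them any more. An upgraded node and a freshly provisioned one then carry different filter/FORWARD contents, which makes auditing the chain harder and keeps counters ticking on rules nobody maintains. I would keep a one-off cleanup pass that deletes every FORWARD rule carrying that comment, reusing the `ipt.List`/`deleteIptablesRule` pattern from the removed lines but without the per-subnet in-use check; it can be dropped once all nodes run this version. If anything else in the file still parses FORWARD rules by that comment, that consumer has to go in the same change — worth confirming, since it is outside this hunk. setIptables starts before and ends after the hunk.
```go
	// … unchanged: ipset-based iptablesRules construction above …
	// One-off cleanup for nodes upgraded in place: the per-subnet FORWARD
	// rules are no longer installed, so remove any left behind by older versions.
	rules, err := ipt.List("filter", "FORWARD")
	if err != nil {
		klog.Errorf(`failed to list iptables rule table "filter" chain "FORWARD" with err %v `, err)
		return err
	}
	for _, rule := range rules {
		if !strings.Contains(rule, util.OvnSubnetGatewayIptables) {
			continue
		}
		// rule[11:] skips the "-A FORWARD " prefix
		if err := deleteIptablesRule(ipt, util.IPTableRule{Table: "filter", Chain: "FORWARD", Rule: util.DoubleQuotedFields(rule[11:])}); err != nil {
			klog.Error(err)
			return err
		}
	}
	var natPreroutingRules, natPostroutingRules, ovnMasqueradeRules, manglePostroutingRules []util.IPTableRule
	// … unchanged: rule dispatch by table …
```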