Disable iptables bridge forwarding on initialization
yaocw2020 authored and bk201 committed Sep 18, 2024
1 parent 9892fc1 commit 6521629
Showing 2 changed files with 7 additions and 5 deletions.
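--- a/pkg/network/iface/bridge.go
+++ b/pkg/network/iface/bridge.go
@@ -31,10 +31,6 @@ func NewBridge(name string) *Bridge {
 // Ensure bridge
 // set promiscuous mod default
 func (br *Bridge) Ensure() error {
-if err := disableBridgeNF(); err != nil {
-return fmt.Errorf("disable net.bridge.bridge-nf-call-iptables failed, error: %w", err)
-}
-
 if err := netlink.LinkAdd(br); err != nil && err != syscall.EEXIST {
 return fmt.Errorf("add iface failed, error: %w, iface: %v", err, br)
 }
@@ -67,7 +63,7 @@ func (br *Bridge) Ensure() error {
 return br.Fetch()
 }
 
-func disableBridgeNF() error {
+func DisableBridgeNF() error {
 return utils.EnsureSysctlValue(bridgeNFCallIptables, "0")
 }
 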
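Review bot: The newly exported `DisableBridgeNF` in the second hunk has no doc comment, and its effect is broader than the name suggests. Judging by the error text in the first hunk, it writes the host-wide sysctl net.bridge.bridge-nf-call-iptables rather than a per-bridge setting. With that value at 0, bridged frames on every bridge on the node skip iptables, so host firewall rules that relied on seeing them stop applying. I would add `// DisableBridgeNF sets net.bridge.bridge-nf-call-iptables to 0 for the whole host, so bridged frames no longer traverse iptables.` above the function. The package's design notes should also say which component is expected to filter that traffic instead.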
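--- a/pkg/network/vlan/vlan.go
+++ b/pkg/network/vlan/vlan.go
@@ -142,3 +142,9 @@ func (v *Vlan) Bridge() *iface.Bridge {
 func (v *Vlan) Uplink() *iface.Link {
 return v.uplink
 }
+
+func init() {
+if err := iface.DisableBridgeNF(); err != nil {
+klog.Fatalf("disable net.bridge.bridge-nf-call-iptables failed, error: %v", err)
+}
+}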
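Review bot: The added `init()` changes a host-wide sysctl and calls `klog.Fatalf` as a side effect of importing the package. Any binary or unit test that links pkg/network/vlan will either rewrite net.bridge.bridge-nf-call-iptables or exit before `main` runs, for example when run unprivileged. The write also happens only once per process, whereas the removed call in `Bridge.Ensure()` re-applied it on every ensure. If another component sets the value back to 1 later, nothing here would notice, and bridged traffic would silently start hitting iptables rules again. Calling `iface.DisableBridgeNF()` explicitly from the agent's start-up path and returning the error would keep the failure handling with the caller. Whether the value also needs periodic re-checking depends on what else manages this sysctl on the node.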
