
Commit 1139058

committed
Keeping the original logic to clean the NAT entries, to revisit when NAT feature added in namespace.
1 parent db5b102 commit 1139058


1 file changed

+21
-20
lines changed

1 file changed

+21
-20
lines changed

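--- a/files/image_config/caclmgrd/caclmgrd
+++ b/files/image_config/caclmgrd/caclmgrd
@@ -221,27 +221,28 @@ class ControlPlaneAclManager(daemon_base.DaemonBase):
 """
 fwd_snmp_traffic_from_namespace_to_host_cmds = []
 
-# The action set for iptables where D is DELETE, A is APPEND
-rule_action_list = ['D', 'A']
-
 if namespace:
-# Delete only the rules we created earlier before addiing them again, useful in case of caclmgrd restart.
-for action in rule_action_list:
-# IPv4 rules
-fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] +
-"iptables -t nat -{} PREROUTING -p udp --dport {} -j DNAT --to-destination {}".format
-(action, self.ACL_SERVICES['SNMP']['dst_ports'][0], self.namespace_mgmt_ip))
-fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] +
-"iptables -t nat -{} POSTROUTING -p udp --dport {} -j SNAT --to-source {}".format
-(action, self.ACL_SERVICES['SNMP']['dst_ports'][0], self.namespace_docker_mgmt_ip[namespace]))
-
-# IPv6 rules
-fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] +
-"ip6tables -t nat -{} PREROUTING -p udp --dport {} -j DNAT --to-destination {}".format
-(action, self.ACL_SERVICES['SNMP']['dst_ports'][0], self.namespace_mgmt_ipv6))
-fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] +
-"ip6tables -t nat -{} POSTROUTING -p udp --dport {} -j SNAT --to-source {}".format
-(action, self.ACL_SERVICES['SNMP']['dst_ports'][0], self.namespace_docker_mgmt_ipv6[namespace]))
+# IPv4 rules
+fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "iptables -t nat -X")
+fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "iptables -t nat -F")
+
+fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] +
+"iptables -t nat -A PREROUTING -p udp --dport {} -j DNAT --to-destination {}".format
+(self.ACL_SERVICES['SNMP']['dst_ports'][0], self.namespace_mgmt_ip))
+fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] +
+"iptables -t nat -A POSTROUTING -p udp --dport {} -j SNAT --to-source {}".format
+(self.ACL_SERVICES['SNMP']['dst_ports'][0], self.namespace_docker_mgmt_ip[namespace]))
+
+# IPv6 rules
+fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "ip6tables -t nat -X")
+fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "ip6tables -t nat -F")
+
+fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] +
+"ip6tables -t nat -A PREROUTING -p udp --dport {} -j DNAT --to-destination {}".format
+(self.ACL_SERVICES['SNMP']['dst_ports'][0], self.namespace_mgmt_ipv6))
+fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] +
+"ip6tables -t nat -A POSTROUTING -p udp --dport {} -j SNAT --to-source {}".format
+(self.ACL_SERVICES['SNMP']['dst_ports'][0], self.namespace_docker_mgmt_ipv6[namespace]))
 
 return fwd_snmp_traffic_from_namespace_to_host_cmds
 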
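Review bot: In the new `if namespace:` branch the `iptables -t nat -X` command is queued before `iptables -t nat -F`, and the ip6tables pair has the same order; iptables generally refuses to delete a user-defined chain that still holds rules or is referenced, so on a restart with populated chains the `-X` may fail and leave them behind. Queuing the flush first (`... + "iptables -t nat -F"` followed by `... + "iptables -t nat -X"`, likewise for ip6tables) avoids that. Because these commands clear the whole nat table of the namespace rather than only the SNMP rules, a comment such as `# Flushes ALL nat rules in this namespace; no other component may own nat rules here until this is scoped` above the IPv4 block would make the ownership assumption explicit. The function begins above the hunk, so how the queued commands are run and whether a failing command is detected cannot be seen from here.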
