Skip to content
This repository has been archived by the owner on Jun 20, 2024. It is now read-only.

add --physdev-is-bridged flag when using physdev module for iptables #3453

Merged
merged 2 commits into from
Dec 5, 2018
Merged

add --physdev-is-bridged flag when using physdev module for iptables #3453

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0666932
add --physdev-is-bridged flag when using physdev module for iptables
murali-reddy Nov 20, 2018
99e360c
skip egress network policies for the traffic node->bridge ip
murali-reddy Dec 4, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions prog/weave-npc/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -128,7 +128,7 @@ func createBaseRules(ipt *iptables.IPTables, ips ipset.Interface) error {

// If the destination address is not any of the local pods, let it through
if err := ipt.Append(npc.TableFilter, npc.MainChain,
"-m", "physdev", "--physdev-out="+bridgePortName, "-j", "ACCEPT"); err != nil {
"-m", "physdev", "--physdev-is-bridged", "--physdev-out="+bridgePortName, "-j", "ACCEPT"); err != nil {
return err
}

Expand Down Expand Up @@ -171,7 +171,7 @@ func createBaseRules(ipt *iptables.IPTables, ips ipset.Interface) error {

ruleSpecs := [][]string{
{"-m", "state", "--state", "RELATED,ESTABLISHED", "-j", "ACCEPT"},
{"-m", "physdev", "--physdev-in=" + bridgePortName, "-j", "RETURN"},
{"-m", "physdev", "--physdev-is-bridged", "--physdev-in=" + bridgePortName, "-j", "RETURN"},
}
if allowMcast {
ruleSpecs = append(ruleSpecs, []string{"-d", "224.0.0.0/4", "-j", "RETURN"})
Expand Down