gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-11-09 16:21:01 +08:00
Code Issues Projects Releases Packages Wiki Activity

added option to make iptables change

Browse source
This commit is contained in:
0xdcarns 2022-03-28 10:36:23 -04:00
parent ffdc3daed4
commit 7ca2c259ed
3 changed files with 11 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
main.go
View file

@ -109,7 +109,7 @@ func initialize() { // Client Mode Prereq Check
} }
// initialize iptables to ensure gateways work correctly and mq is forwarded if containerized // initialize iptables to ensure gateways work correctly and mq is forwarded if containerized
if servercfg.ManageIPTables() != "off" { if servercfg.ManageIPTables() != "off" {
if err = serverctl.InitIPTables(); err != nil { if err = serverctl.InitIPTables(true); err != nil {
logger.FatalLog("Unable to initialize iptables on host:", err.Error()) logger.FatalLog("Unable to initialize iptables on host:", err.Error())
} }
} }

2
mq/publishers.go
View file

@ -103,7 +103,7 @@ func sendPeers() {
// run iptables update to ensure gateways work correctly and mq is forwarded if containerized // run iptables update to ensure gateways work correctly and mq is forwarded if containerized
if servercfg.ManageIPTables() != "off" { if servercfg.ManageIPTables() != "off" {
serverctl.InitIPTables() serverctl.InitIPTables(false)
} }
force = true force = true

18
serverctl/iptables.go
View file

@ -16,7 +16,7 @@ import (
const netmakerProcessName = "netmaker" const netmakerProcessName = "netmaker"
// InitIPTables - intializes the server iptables // InitIPTables - intializes the server iptables
func InitIPTables() error { func InitIPTables(force bool) error {
_, err := exec.LookPath("iptables") _, err := exec.LookPath("iptables")
if err != nil { if err != nil {
return err return err
@ -26,7 +26,7 @@ func InitIPTables() error {
logger.Log(0, "error setting iptables forward policy: "+err.Error()) logger.Log(0, "error setting iptables forward policy: "+err.Error())
} }
err = portForwardServices() err = portForwardServices(force)
if err != nil { if err != nil {
return err return err
} }
@ -37,7 +37,7 @@ func InitIPTables() error {
} }
// set up port forwarding for services listed in config // set up port forwarding for services listed in config
func portForwardServices() error { func portForwardServices(force bool) error {
var err error var err error
services := servercfg.GetPortForwardServiceList() services := servercfg.GetPortForwardServiceList()
if len(services) == 0 || services[0] == "" { if len(services) == 0 || services[0] == "" {
@ -46,15 +46,15 @@ func portForwardServices() error {
for _, service := range services { for _, service := range services {
switch service { switch service {
case "mq": case "mq":
err = iptablesPortForward("mq", "1883", "1883", false) err = iptablesPortForward("mq", "1883", "1883", false, force)
case "dns": case "dns":
err = iptablesPortForward("coredns", "53", "53", false) err = iptablesPortForward("coredns", "53", "53", false, force)
case "ssh": case "ssh":
err = iptablesPortForward("netmaker", "22", "22", false) err = iptablesPortForward("netmaker", "22", "22", false, force)
default: default:
params := strings.Split(service, ":") params := strings.Split(service, ":")
if len(params) == 3 { if len(params) == 3 {
err = iptablesPortForward(params[0], params[1], params[2], true) err = iptablesPortForward(params[0], params[1], params[2], true, force)
} }
} }
if err != nil { if err != nil {
@ -83,7 +83,7 @@ func setForwardPolicy() error {
} }
// port forward from an entry, can contain a dns name for lookup // port forward from an entry, can contain a dns name for lookup
func iptablesPortForward(entry string, inport string, outport string, isIP bool) error { func iptablesPortForward(entry string, inport string, outport string, isIP, force bool) error {
var address string var address string
if !isIP { if !isIP {
@ -110,7 +110,7 @@ func iptablesPortForward(entry string, inport string, outport string, isIP bool)
return errors.New("could not locate ip for " + entry) return errors.New("could not locate ip for " + entry)
} }
if output, err := ncutils.RunCmd("iptables -t nat -C PREROUTING -p tcp --dport "+inport+" -j DNAT --to-destination "+address+":"+outport, false); output != "" || err != nil { if output, err := ncutils.RunCmd("iptables -t nat -C PREROUTING -p tcp --dport "+inport+" -j DNAT --to-destination "+address+":"+outport, false); output != "" || err != nil || force {
_, err := ncutils.RunCmd("iptables -t nat -A PREROUTING -p tcp --dport "+inport+" -j DNAT --to-destination "+address+":"+outport, false) _, err := ncutils.RunCmd("iptables -t nat -A PREROUTING -p tcp --dport "+inport+" -j DNAT --to-destination "+address+":"+outport, false)
if err != nil { if err != nil {
return err return err