Moved default ACCEPT policy at the end of the chain
Signed-off-by: Roberto Bonafiglia <[email protected]>
rbrtbnfgl committed Apr 5, 2023
1 parent 5918480 commit e18008d
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions pkg/controllers/netpol/network_policy_controller.go
Expand Up @@ -500,11 +500,11 @@ func (npc *NetworkPolicyController) ensureExplicitAccept() {
// for the traffic to/from the local pod's let network policy controller be
// authoritative entity to ACCEPT the traffic if it complies to network policies
for _, filterTableRules := range npc.filterTableRules {
for _, chain := range defaultChains {
comment := "\"rule to explicitly ACCEPT traffic that comply to network policies\""
for mainChain, _ := range defaultChains {
comment := "\"KUBE-ROUTER rule to explicitly ACCEPT traffic that comply to network policies\""
args := []string{"-m", "comment", "--comment", comment, "-m", "mark", "--mark", "0x20000/0x20000",
"-j", "RETURN"}
utils.AppendUnique(filterTableRules, chain, args)
"-j", "ACCEPT"}
utils.AppendUnique(filterTableRules, mainChain, args)
}
}
}
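Review bot: The rule appended in the inner loop of ensureExplicitAccept now ends in `-j ACCEPT` on the main chains, which is a terminal verdict: a packet carrying mark 0x20000 is accepted at that point, so the rule is only safe as the last entry of the chain, and the code neither states nor checks that. This reading assumes the lines are printed old-then-new, since the page has lost its +/- markers. I would document the ordering requirement at the loop, e.g. `// Must stay the last rule of each main chain: ACCEPT is terminal, so rules appended after it never see traffic marked 0x20000/0x20000.` Because the comment text changed as well, AppendUnique presumably will not match a rule written by an earlier version, so a leftover `-j RETURN` rule could remain ahead of the new one after an upgrade; it is worth confirming that old rules are removed. Minor: `for mainChain, _ := range defaultChains` can be written `for mainChain := range defaultChains`.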