From 1139058d8929fb7ca0e4455197f6396128d600c2 Mon Sep 17 00:00:00 2001
From: Judy Joseph
Date: Wed, 23 Sep 2020 23:30:30 -0700
Subject: [PATCH] Keeping the original logic to clean the NAT entries, to revist when NAT feature added in namespace.
---
 files/image_config/caclmgrd/caclmgrd | 41 ++++++++++++++--------------
 1 file changed, 21 insertions(+), 20 deletions(-)
diff --git a/files/image_config/caclmgrd/caclmgrd b/files/image_config/caclmgrd/caclmgrd
index 769d411f3470..e0565c655ad4 100755
--- a/files/image_config/caclmgrd/caclmgrd
+++ b/files/image_config/caclmgrd/caclmgrd
@@ -221,27 +221,28 @@ class ControlPlaneAclManager(daemon_base.DaemonBase):
 """
 fwd_snmp_traffic_from_namespace_to_host_cmds = []
- # The action set for iptables where D is DELETE, A is APPEND
- rule_action_list = ['D', 'A']
- if namespace:
- # Delete only the rules we created earlier before addiing them again, useful in case of caclmgrd restart.
- for action in rule_action_list:
- # IPv4 rules
- fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] +
- "iptables -t nat -{} PREROUTING -p udp --dport {} -j DNAT --to-destination {}".format
- (action, self.ACL_SERVICES['SNMP']['dst_ports'][0], self.namespace_mgmt_ip))
- fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] +
- "iptables -t nat -{} POSTROUTING -p udp --dport {} -j SNAT --to-source {}".format
- (action, self.ACL_SERVICES['SNMP']['dst_ports'][0], self.namespace_docker_mgmt_ip[namespace]))
-
- # IPv6 rules
- fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] +
- "ip6tables -t nat -{} PREROUTING -p udp --dport {} -j DNAT --to-destination {}".format
- (action, self.ACL_SERVICES['SNMP']['dst_ports'][0], self.namespace_mgmt_ipv6))
- fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] +
- "ip6tables -t nat -{} POSTROUTING -p udp --dport {} -j SNAT --to-source {}".format
- (action, self.ACL_SERVICES['SNMP']['dst_ports'][0], self.namespace_docker_mgmt_ipv6[namespace]))
+ # IPv4 rules
+ fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "iptables -t nat -X")
+ fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "iptables -t nat -F")
+
+ fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] +
+ "iptables -t nat -A PREROUTING -p udp --dport {} -j DNAT --to-destination {}".format
+ (self.ACL_SERVICES['SNMP']['dst_ports'][0], 
self.namespace_mgmt_ip))
+ fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] +
+ "iptables -t nat -A POSTROUTING -p udp --dport {} -j SNAT --to-source {}".format
+ (self.ACL_SERVICES['SNMP']['dst_ports'][0], self.namespace_docker_mgmt_ip[namespace]))
+
+ # IPv6 rules
+ fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "ip6tables -t nat -X")
+ fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "ip6tables -t nat -F")
+
+ fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] +
+ "ip6tables -t nat -A PREROUTING -p udp --dport {} -j DNAT --to-destination {}".format
+ (self.ACL_SERVICES['SNMP']['dst_ports'][0], self.namespace_mgmt_ipv6))
+ fwd_snmp_traffic_from_namespace_to_host_cmds.append(self.iptables_cmd_ns_prefix[namespace] +
+ "ip6tables -t nat -A POSTROUTING -p udp --dport {} -j SNAT --to-source {}".format
+ (self.ACL_SERVICES['SNMP']['dst_ports'][0], self.namespace_docker_mgmt_ipv6[namespace]))
 return fwd_snmp_traffic_from_namespace_to_host_cmds
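Review bot: The cleanup appends `iptables -t nat -X` before `iptables -t nat -F` (and likewise for `ip6tables`), but a user-defined chain can only be deleted once it is empty and unreferenced, so on a populated table the `-X` may fail or leave chains behind. Appending the `-F` command first and the `-X` command second in each family is the usual order and is a two-line swap per family. The flush also removes every nat rule in that namespace, not only the SNMP DNAT/SNAT pair this method adds; the commit message defers that, and a comment above the flush such as `# NOTE: clears the whole nat table in this namespace; narrow to caclmgrd's own rules once NAT is supported here` would keep it visible in the code. Between the flush and the re-append the SNMP forwarding rules are briefly absent, and how the returned command list is executed is outside this hunk, as is the start of the enclosing method.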