From c744c41b3bcb16c1f1287dbe66c8b3c824a4f6f2 Mon Sep 17 00:00:00 2001
From: Thomas Way
Date: Thu, 9 May 2024 09:38:00 +0100
Subject: [PATCH] chore(internal/iptables): exec iptables-restore directly

iptables-restore was being executed via bash, which was unnecessary. Executing directly is simpler and more reliable.

Fixes: #79
---
 internal/iptables/iptables.go | 30 ++++++------------------------
 1 file changed, 6 insertions(+), 24 deletions(-)

diff --git a/internal/iptables/iptables.go b/internal/iptables/iptables.go
index d514b3ab..08888d1f 100644
--- a/internal/iptables/iptables.go
+++ b/internal/iptables/iptables.go
@@ -2,36 +2,18 @@ package iptables
 
 import (
 "fmt"
+ "os/exec"
+ "strings"
+
 "github.com/go-logr/logr"
 "github.com/jodevsa/wireguard-operator/pkg/agent"
 "github.com/jodevsa/wireguard-operator/pkg/api/v1alpha1"
- "os"
- "os/exec"
- "strings"
 )
 
 func ApplyRules(rules string) error {
- file, err := os.CreateTemp("/tmp", "iptables-")
- if err != nil {
- return err
- }
- defer os.RemoveAll(file.Name())
-
- err = os.WriteFile(file.Name(), []byte(rules), 0640)
-
- if err != nil {
- return err
- }
-
- bashCommand := fmt.Sprintf("iptables-restore < %s", file.Name())
- cmd := exec.Command("bash", "-c", bashCommand)
-
- err = cmd.Run()
- if err != nil {
- return err
- }
-
- return nil
+ cmd := exec.Command("iptables-restore")
+ cmd.Stdin = strings.NewReader(rules)
+ return cmd.Run()
 }
 
 type Iptables struct {
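Review bot: `return cmd.Run()` in the new `ApplyRules` discards iptables-restore's stderr, so a rejected ruleset reaches the caller only as a bare exit-status error and the agent cannot log which rule line failed to apply. Capturing the output and wrapping it keeps a failed firewall update diagnosable: `out, err := cmd.CombinedOutput()`, then `if err != nil { return fmt.Errorf("iptables-restore: %w: %s", err, out) }` and `return nil`; `fmt` is still imported by this file. The exported function also has no doc comment; something like `// ApplyRules feeds rules to iptables-restore on stdin; no --noflush is passed, so each table named in rules is flushed and replaced.` would state the contract callers depend on.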