feat: [NPM] iptables comments for v2 #1167
Conversation
| */ | ||
|
|
||
| func (networkPolicy *NPMNetworkPolicy) commentForJumpToIngress() string { | ||
| return networkPolicy.commentForJump(true) |
There was a problem hiding this comment.
Can you change true/false to constant types for ingressJump or egressJump, that was it will be easier to read ?
| return fmt.Sprintf("-ON-%s", string(proto)) | ||
| } | ||
|
|
||
| func (portRange *Ports) comment() string { |
There was a problem hiding this comment.
instead of having these .comment() functions for all in this file, can we place these near their type declarations? that will be cleaner in my opinion ? No strong opinion though
There was a problem hiding this comment.
I think we should leave as is since comments are only used in Linux, and we don't have a policies_linux.go file
There was a problem hiding this comment.
@vakalapa is correct, methods should be defined next to their receivers
the farther a declaration is from the usage, the harder it is to grok
There was a problem hiding this comment.
edit: we do have a policies_linux.go file. Might make sense to compile iptables code into one file?
There was a problem hiding this comment.
as discussed offline, moving these Linux-specific codes to policy_linux.go
iptables comments will allow us to debug/understand which policies and what ACL rules are which within iptables. For an overview of what the comments will look like, see the description in iptables-comments_linux.go.
This PR also updates the validation check for port/protocol constraints in policy.go so that ACLs with a namedport are required to have
UnspecifiedProtocol