fix: ip6tables check error

kubeovn · Feb 24, 2021 · e5e6e30 · e5e6e30
1 parent 23dcd2a
commit e5e6e30
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/pkg/daemon/gateway.go b/pkg/daemon/gateway.go
@@ -44,8 +44,8 @@ var (
 	}
 	v6Rules = []util.IPTableRule{
 		// Prevent performing Masquerade on external traffic which arrives from a Node that owns the Pod/Subnet IP
-		{Table: "nat", Chain: "POSTROUTING", Rule: strings.Split(`-m set ! --match-set ovn60subnets src -m set ! --match-set ovn60other-node src  -m set --match-set ovn60local-pod-ip-nat dst -j RETURN`, " ")},
-		{Table: "nat", Chain: "POSTROUTING", Rule: strings.Split(`-m set ! --match-set ovn60subnets src -m set ! --match-set ovn60other-node src  -m set --match-set ovn60subnets-nat dst -j RETURN`, " ")},
+		{Table: "nat", Chain: "POSTROUTING", Rule: strings.Split(`-m set ! --match-set ovn60subnets src -m set ! --match-set ovn60other-node src -m set --match-set ovn60local-pod-ip-nat dst -j RETURN`, " ")},
+		{Table: "nat", Chain: "POSTROUTING", Rule: strings.Split(`-m set ! --match-set ovn60subnets src -m set ! --match-set ovn60other-node src -m set --match-set ovn60subnets-nat dst -j RETURN`, " ")},
 		// NAT if pod/subnet to external address
 		{Table: "nat", Chain: "POSTROUTING", Rule: strings.Split(`-m set --match-set ovn60local-pod-ip-nat src -m set ! --match-set ovn60subnets dst -j MASQUERADE`, " ")},
 		{Table: "nat", Chain: "POSTROUTING", Rule: strings.Split(`-m set --match-set ovn60subnets-nat src -m set ! --match-set ovn60subnets dst -j MASQUERADE`, " ")},