Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(images/kuma-init): use iptables-wrapper to use correct iptables version (backport of #9701) #9725

Merged
merged 1 commit into from
Mar 26, 2024
Merged

feat(images/kuma-init): use iptables-wrapper to use correct iptables version (backport of #9701) #9725

merged 1 commit into from
Mar 26, 2024

Conversation

kumahq[bot]
Copy link
Contributor

@kumahq kumahq bot commented Mar 26, 2024
edited by bartsmykla

Automatic cherry-pick of #9701 for branch release-2.3

Generated by action

cherry-picked commit a33eec8

Changelog: skip

@bartsmykla @kumahq
feat(images/kuma-init): use iptables-wrapper to use correct iptables …
92361a7 
…version (#9701)

As of iptables 1.8, the iptables command line clients come in two different
versions/modes: "legacy", which uses the kernel iptables API just like
iptables 1.6 and earlier did, and "nft", which translates the iptables
command-line API into the kernel nftables API.

Because they connect to two different subsystems in the kernel, you cannot mix
and match between them; in particular, if you are adding a new rule that needs
to run either before or after some existing rules (such as the system firewall
rules), then you need to create your rule with the same iptables mode as
the other rules were created with, since otherwise the ordering may not be what
you expect. (eg, if you prepend a rule using the nft-based client, it will
still run after all rules that were added with the legacy iptables client.)

Signed-off-by: Bart Smykla <bartek@smykla.com>
@kumahq kumahq bot added the release-2.3 label Mar 26, 2024
@bartsmykla bartsmykla merged commit 4da2646 into release-2.3 Mar 26, 2024
9 checks passed
@bartsmykla bartsmykla deleted the chore/backport-release-2.3-9701 branch March 26, 2024 12:26
bartsmykla added a commit to bartsmykla/kuma that referenced this pull request Mar 29, 2024
@bartsmykla
Revert "feat(images/kuma-init): use iptables-wrapper to use correct i…
3da537f 
…ptables version (backport of kumahq#9701) (kumahq#9725)"

This reverts commit 4da2646.

Signed-off-by: Bart Smykla <bartek@smykla.com>
bartsmykla added a commit that referenced this pull request Mar 29, 2024
@bartsmykla
Revert "feat(images/kuma-init): use iptables-wrapper to use correct i…
05f6149 
…ptables version (backport of #9701) (#9725)" (#9758)

This reverts commit 4da2646.

Signed-off-by: Bart Smykla <bartek@smykla.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bartsmykla bartsmykla bartsmykla approved these changes

Assignees
No one assigned
Labels
release-2.3
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@bartsmykla