Skip to content

iptables: add back missing kernel modules for iptables#11982

Merged
dallasd1 merged 3 commits into3.0-devfrom
dadelan/iptables-module
Jan 21, 2025
Merged

iptables: add back missing kernel modules for iptables#11982
dallasd1 merged 3 commits into3.0-devfrom
dadelan/iptables-module

Conversation

@dallasd1
Copy link
Copy Markdown
Contributor

@dallasd1 dallasd1 commented Jan 17, 2025
edited
Loading

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

  • The toolchain has been rebuilt successfully (or no changes were made to it)
  • The toolchain/worker package manifests are up-to-date
  • Any updated packages successfully build (or no packages were changed)
  • Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
  • Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
  • All package sources are available
  • cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
  • LICENSE-MAP files are up-to-date (./LICENSES-AND-NOTICES/SPECS/data/licenses.json, ./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md, ./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)
  • All source files have up-to-date hashes in the *.signatures.json files
  • sudo make go-tidy-all and sudo make go-test-coverage pass
  • Documentation has been updated to match any changes to the build system
  • Ready to merge
Summary

Add back missing kernel modules for iptables introduced by change that enabled nftables

Change Log
  • Add new config to load iptables kernel modules to the iptables package
Does this affect the toolchain?

NO

Associated issues
  • #xxxx
Links to CVEs
Test Methodology

@microsoft-github-policy-service microsoft-github-policy-service Bot added Packaging 3.0-dev PRs Destined for AzureLinux 3.0 labels Jan 17, 2025
@dallasd1 dallasd1 marked this pull request as ready for review January 17, 2025 22:54
@dallasd1 dallasd1 requested a review from a team as a code owner January 17, 2025 22:54
christopherco
christopherco reviewed Jan 18, 2025
View reviewed changes
Comment thread SPECS/iptables/iptables.conf Outdated
Comment thread SPECS/iptables/iptables.signatures.json Outdated
dallasd1 and others added 2 commits January 17, 2025 17:34
@dallasd1 @christopherco
Update SPECS/iptables/iptables.conf
65ff8c2 
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
@dallasd1
update config sig
425c687
mfrw
mfrw approved these changes Jan 20, 2025
View reviewed changes
Comment thread SPECS/iptables/iptables.conf
mfrw
mfrw reviewed Jan 20, 2025
View reviewed changes
Comment thread SPECS/iptables/iptables.conf
ip6table_mangle
ip6table_nat
ebt_ip
nf_nat
Copy link
Copy Markdown
Member

@mfrw mfrw Jan 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we add these modules as well:

ipt_ah 
ipt_ECN 
ipt_REJECT 
ipt_rpfilter 
ipt_SYNPROXY

Rationale: When i did a repro locally, I could see these modules also

Copy link
Copy Markdown
Contributor Author

@dallasd1 dallasd1 Jan 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Were these enabled by default with the previous iptables package or only after the repro? If they weren't loaded before the repro, I don't think we'd want to add them to the conf file

@dallasd1 dallasd1 merged commit 9ea5b46 into 3.0-dev Jan 21, 2025
@dallasd1 dallasd1 deleted the dadelan/iptables-module branch January 21, 2025 18:24
jslobodzian pushed a commit that referenced this pull request Jan 22, 2025
@dallasd1 @christopherco @jslobodzian
iptables: add back missing kernel modules for iptables (#11982)
1e978ac 
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
SumitJenaHCL pushed a commit to SumitJenaHCL/azurelinux that referenced this pull request Jan 28, 2025
@dallasd1 @christopherco @SumitJenaHCL
iptables: add back missing kernel modules for iptables (microsoft#11982)
c6fb08d 
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
SumitJenaHCL pushed a commit to SumitJenaHCL/azurelinux that referenced this pull request Feb 24, 2025
@dallasd1 @christopherco @SumitJenaHCL
iptables: add back missing kernel modules for iptables (microsoft#11982)
0cabd13 
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
KavyaSree2610 pushed a commit to KavyaSree2610/azurelinux that referenced this pull request Mar 24, 2025
@dallasd1 @christopherco
iptables: add back missing kernel modules for iptables (microsoft#11982)
dafbed4 
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mfrw mfrw mfrw approved these changes

@jslobodzian jslobodzian jslobodzian approved these changes

@christopherco christopherco christopherco approved these changes

Assignees

No one assigned

Labels

3.0-dev PRs Destined for AzureLinux 3.0 Packaging

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@dallasd1 @mfrw @jslobodzian @christopherco