Skip to content

fix: remove iptables filter after CNI #2421

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

fix: remove iptables filter after CNI #2421

wants to merge 1 commit into from

Conversation

@MasterPtato
Copy link
Contributor

Changes

@MasterPtato MasterPtato requested a review from NathanFlurry May 2, 2025 01:52
This was referenced May 2, 2025
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@MasterPtato Graphite App
Copy link
Contributor Author

MasterPtato commented May 2, 2025
edited
Loading

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

How to use the Graphite Merge Queue

Add the label merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

greptile-apps[bot]
greptile-apps bot reviewed May 2, 2025
View reviewed changes
Copy link

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Summary

This PR modifies network security configuration by removing port restrictions in iptables, relying solely on CNI (Container Network Interface) for port mapping and access control.

  • Removes __MIN_WAN_PORT__:__MAX_WAN_PORT__ range restrictions from TCP/UDP ingress rules in pegboard_configure.sh, opening all ports to public traffic
  • Adds important warning comment about manually testing networking changes due to lack of automated tests
  • Simplifies error handling in actors.rs by removing redundant unwrap macro around network ports collection
  • Potential security impact needs review since CNI becomes sole gatekeeper for port access

2 file(s) reviewed, no comment(s)
Edit PR Review Bot Settings | Greptile

@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented May 2, 2025
edited
Loading

Deploying rivet with  Cloudflare Pages  Cloudflare Pages

Latest commit: 077070c
Status: ✅  Deploy successful!
Preview URL: https://3b632caf.rivet.pages.dev
Branch Preview URL: https://05-02-fix-remove-iptables-fi.rivet.pages.dev

View logs

@graphite-app graphite-app bot changed the base branch from 05-01-chore_fix_broadcast_req_error_logs to graphite-base/2421 May 2, 2025 01:59
@MasterPtato MasterPtato force-pushed the graphite-base/2421 branch from 26e7680 to c103001 Compare May 2, 2025 18:08
@MasterPtato MasterPtato force-pushed the 05-02-fix_remove_iptables_filter_after_cni branch from c1caae1 to 077070c Compare May 2, 2025 18:08
@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented May 2, 2025
edited
Loading

Deploying rivet-studio with  Cloudflare Pages  Cloudflare Pages

Latest commit: 077070c
Status: ✅  Deploy successful!
Preview URL: https://44df4097.rivet-studio.pages.dev
Branch Preview URL: https://05-02-fix-remove-iptables-fi.rivet-studio.pages.dev

View logs

@MasterPtato MasterPtato changed the base branch from graphite-base/2421 to main May 2, 2025 18:08
@MasterPtato MasterPtato mentioned this pull request May 2, 2025
Closed
@cloudflare-workers-and-pages
Copy link

Deploying rivet-hub with  Cloudflare Pages  Cloudflare Pages

Latest commit: 077070c
Status:🚫  Build failed.

View logs

@MasterPtato MasterPtato mentioned this pull request May 6, 2025
Closed
@graphite-app
Copy link
Contributor

graphite-app bot commented May 6, 2025
edited
Loading

Merge activity

  • May 6, 3:44 PM EDT: MasterPtato added this pull request to the Graphite merge queue.
  • May 6, 3:45 PM EDT: CI is running for this pull request on a draft pull request (#2430) due to your merge queue CI optimization settings.
  • May 6, 3:45 PM EDT: Merged by the Graphite merge queue via draft PR: #2430.

graphite-app bot pushed a commit that referenced this pull request May 6, 2025
@MasterPtato
fix: remove iptables filter after CNI (#2421)
631965b 
<!-- Please make sure there is an issue that this PR is correlated to. -->

## Changes

<!-- If there are frontend changes, please include screenshots. -->
@graphite-app graphite-app bot closed this May 6, 2025
@graphite-app graphite-app bot deleted the 05-02-fix_remove_iptables_filter_after_cni branch May 6, 2025 19:45
@github-actions github-actions bot mentioned this pull request May 6, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@NathanFlurry NathanFlurry Awaiting requested review from NathanFlurry

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MasterPtato