
Text file src/edge-infra.dev/pkg/sds/ien/k8s/controllers/nodeagent/plugins/networking/iptables/rules/mangle-OUTPUT-egressgw.rules

Documentation: edge-infra.dev/pkg/sds/ien/k8s/controllers/nodeagent/plugins/networking/iptables/rules

{{- /*
  Egress-gateway packet marking for non-gateway nodes: the whole fragment is
  rendered only when .IsGateway is false. Per the file name these rules belong
  to the mangle table's OUTPUT chain, i.e. they apply to locally generated
  packets.

  Rule order matters. The first rule marks everything leaving via the default
  link; each later rule clears bit 512 (0x200) again for traffic that must not
  be steered. Presumably a policy-routing rule elsewhere matches this mark and
  sends the packet to the egress gateway -- not visible here, confirm.

  NOTE(review): every value below is spliced into the rule text verbatim.
  Confirm that .DefaultLinkName, .ServiceNetwork, .ClusterNetwork, .KubeVip and
  .OtherNodeIPs are validated before rendering, so a malformed value cannot add
  or alter rule arguments.

  The leading-dash actions trim preceding whitespace, so the blank lines in
  this file do not appear in the rendered rules.
*/ -}}
{{- if not .IsGateway}}
{{- $defaultLinkName := .DefaultLinkName -}}

{{- /*
  Mark all traffic leaving via the default link. --set-mark 512 carries no
  mask, so it replaces the whole packet mark rather than setting a single bit.
  NOTE(review): a mark already present on the packet (for example one set by
  the sending socket) is overwritten here. If other components rely on mark
  bits at this point, 512/512 would set only this bit -- check against the
  routing rule that consumes the mark before changing it.
*/ -}}
-o {{ $defaultLinkName }} -j MARK --set-mark 512 -m comment --comment "all host traffic egress gateway"
{{/*
  Clear bit 512 for TCP packets sent from local port 22, presumably replies of
  the node's SSH server, so management sessions bypass the gateway.
  NOTE(review): the match is on source port only. An SSH server listening on
  another port is not exempted, and anything sent from local port 22 is --
  confirm that both are intended.
*/ -}}
-o {{ $defaultLinkName }} -p tcp --sport 22 -j MARK --set-mark 0/512 -m comment --comment "egress gateway ignore ssh access"
{{/*
  Clear bit 512 for in-cluster destinations: the service network, the cluster
  network and the kube-vip address. 0/512 zeroes only that bit and leaves the
  rest of the mark untouched.
*/ -}}
-o {{ $defaultLinkName }} -d {{.ServiceNetwork}} -j MARK --set-mark 0/512 -m comment --comment "egress gateway ignore service network"
-o {{ $defaultLinkName }} -d {{.ClusterNetwork}} -j MARK --set-mark 0/512 -m comment --comment "egress gateway ignore cluster network"
-o {{ $defaultLinkName }} -d {{.KubeVip}} -j MARK --set-mark 0/512 -m comment --comment "egress gateway ignore intra-cluster traffic"

{{- /* One exemption rule per entry in .OtherNodeIPs, so node-to-node traffic is not steered. */ -}}
{{- range $ip := .OtherNodeIPs}}
-o {{ $defaultLinkName }} -d {{ $ip }} -j MARK --set-mark 0/512 -m comment --comment "egress gateway ignore intra-cluster traffic"

{{- end}}
{{- end}}
