diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go
index d4fe596e945..7a762aba092 100644
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@@ -371,7 +371,7 @@ func CleanupLeftovers(ipt utiliptables.Interface) (encounteredError bool) {
 natRules := bytes.NewBuffer(nil)
 writeLine(natChains, "*nat")
 // Start with chains we know we need to remove.
- for _, chain := range []utiliptables.Chain{kubeServicesChain, kubeNodePortsChain, kubePostroutingChain, KubeMarkMasqChain} {
+ for _, chain := range []utiliptables.Chain{kubeServicesChain, kubeNodePortsChain, kubePostroutingChain} {
 if _, found := existingNATChains[chain]; found {
 chainString := string(chain)
 writeBytesLine(natChains, existingNATChains[chain]) // flush
diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go
index 72ca19383ce..050ea23ff26 100644
--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
@@ -111,6 +111,18 @@ var iptablesChains = []struct {
 {utiliptables.TableFilter, KubeForwardChain},
 }

+var iptablesCleanupChains = []struct {
+ table utiliptables.Table
+ chain utiliptables.Chain
+}{
+ {utiliptables.TableNAT, kubeServicesChain},
+ {utiliptables.TableNAT, kubePostroutingChain},
+ {utiliptables.TableNAT, KubeFireWallChain},
+ {utiliptables.TableNAT, KubeNodePortChain},
+ {utiliptables.TableNAT, KubeLoadBalancerChain},
+ {utiliptables.TableFilter, KubeForwardChain},
+}
+
 // ipsetInfo is all ipset we needed in ipvs proxier
 var ipsetInfo = []struct {
 name string
@@ -639,7 +651,7 @@ func cleanupIptablesLeftovers(ipt utiliptables.Interface) (encounteredError bool
 }

 // Flush and remove all of our chains. Flushing all chains before removing them also removes all links between chains first.
- for _, ch := range iptablesChains {
+ for _, ch := range iptablesCleanupChains {
 if err := ipt.FlushChain(ch.table, ch.chain); err != nil {
 if !utiliptables.IsNotFoundError(err) {
 klog.Errorf("Error removing iptables rules in ipvs proxier: %v", err)
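Review bot: The shortened chain list in `CleanupLeftovers` (pkg/proxy/iptables/proxier.go) gives no reason for leaving `KubeMarkMasqChain` out, and the comment above it still reads "chains we know we need to remove", so a later reader can easily take the omission for an oversight and restore it. Put the reason next to the loop, for example `// KubeMarkMasqChain is deliberately not flushed or deleted here: <why it must survive cleanup>`; if the reason is that another component on the node also creates and depends on that chain, name the component. Operators who verify cleanup by inspecting the nat table should also be told that this chain is expected to remain. The body of `CleanupLeftovers` begins and ends outside the hunk, so whether a later step still touches the chain cannot be confirmed from here.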
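Review bot: `iptablesCleanupChains` in pkg/proxy/ipvs/proxier.go is a second hand-maintained copy of `iptablesChains` with no doc comment, so nothing records which entries are left out on purpose or that the two lists have to be kept in step. If a chain is later added to `iptablesChains` only, cleanup will silently leave that chain and its rules on the node, and stale NAT or filter rules are exactly what a cleanup run is meant to rule out. Add a comment in the style of the neighbouring `ipsetInfo` one, e.g. `// iptablesCleanupChains lists the chains cleanupIptablesLeftovers flushes and deletes; it is iptablesChains minus the chains that must survive cleanup, keep both in sync.` Only the last entry of `iptablesChains` is visible in this hunk, so the exact set of excluded chains is inferred rather than shown; a unit test asserting that the cleanup list is a subset of `iptablesChains` would be a cheap guard.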
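Review bot: The comments above the two loops in `cleanupIptablesLeftovers` still say "Flush and remove all of our chains" and "Remove all of our chains", which is no longer true once the loops range over `iptablesCleanupChains`; the same applies to the delete loop in the following hunk (`@@ -649,7 +661,7 @@`). Reword them to match, e.g. `// Flush the chains listed in iptablesCleanupChains; chains omitted from that list are left in place.` and `// Delete the chains listed in iptablesCleanupChains.` Separately, the `klog.Errorf` context line reports the error without `ch.table` or `ch.chain`, so a failed flush cannot be tied to a chain from the log alone; adding both to the message would help whoever has to check what was left behind. Both loop bodies continue past the end of their hunks, so how `encounteredError` is set is not visible here.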
@@ -649,7 +661,7 @@ func cleanupIptablesLeftovers(ipt utiliptables.Interface) (encounteredError bool
 }

 // Remove all of our chains.
- for _, ch := range iptablesChains {
+ for _, ch := range iptablesCleanupChains {
 if err := ipt.DeleteChain(ch.table, ch.chain); err != nil {
 if !utiliptables.IsNotFoundError(err) {
 klog.Errorf("Error removing iptables rules in ipvs proxier: %v", err)