Fix ContainsIPv4Loopback() to match its caller's behavior

ContainsIPv4Loopback() claimed that "::/0" contains IPv4 loopback IPs
(on the theory that listening on "::/0" will listen on "0.0.0.0/0" as
well and thus include IPv4 loopback). But its sole caller (the
iptables proxier) doesn't use listen() to accept connections, so this
theory was completely mistaken; if you passed, eg,
`--nodeport-addresses 192.168.0.0/0,::/0`, then it would not create
any rule that accepted nodeport connections on 127.0.0.1, but it would
nonetheless end up setting route_localnet=1 because
ContainsIPv4Loopback() claimed it needed to. Fix this.
Dan Winship 2023-01-16 12:20:59 -05:00
parent 53b24f4ddf
commit 463153fb7c
2 changed files with 3 additions and 7 deletions


@ -96,10 +96,6 @@ func ContainsIPv4Loopback(cidrStrings []string) bool {
// RFC 5735 127.0.0.0/8 - This block is assigned for use as the Internet host loopback address
ipv4LoopbackStart := netutils.ParseIPSloppy("127.0.0.0")
for _, cidr := range cidrStrings {
if IsZeroCIDR(cidr) {
return true
}
ip, ipnet, err := netutils.ParseCIDRSloppy(cidr)
if err != nil {
continue
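Review bot: With the `IsZeroCIDR` shortcut gone from the top of the loop, nothing in the visible lines records that "::/0" is deliberately excluded. Per the commit description, this return value decides whether the iptables proxier sets route_localnet=1, a sysctl that lets 127.0.0.0/8 traffic be routed on non-loopback interfaces, so a wrong `true` widens exposure of localhost-bound services. A comment just before the loop would keep the shortcut from being reintroduced, for example `// "::/0" is intentionally not treated as covering IPv4 loopback; only CIDRs that contain 127.0.0.0/8 may enable route_localnet`. The function's doc comment and the rest of its body are outside the hunk, so the wording may need reconciling with text there.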


@ -280,9 +280,9 @@ func TestContainsIPv4Loopback(t *testing.T) {
want: true,
},
{
name: "all zeros ipv6", // interpret all zeros equal for IPv4 and IPv6 as Golang stdlib
name: "all zeros ipv6",
cidrStrings: []string{"224.0.0.0/24", "192.168.0.0/16", "fd00:1:d::/64", "::/0"},
want: true,
want: false,
},
{
name: "ipv4 loopback",
@ -318,7 +318,7 @@ func TestContainsIPv4Loopback(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := ContainsIPv4Loopback(tt.cidrStrings); got != tt.want {
t.Errorf("ContainLoopback() = %v, want %v", got, tt.want)
t.Errorf("ContainsIPv4Loopback() = %v, want %v", got, tt.want)
}
})
}
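Review bot: The "all zeros ipv6" case in the first hunk loses its explanatory comment and now expects `false` with nothing saying why. An unexplained expectation like this is easy to flip back for someone who assumes dual-stack listen() semantics. A short comment on the case would pin the intent, for example `// "::/0" must not count as IPv4 loopback: the iptables proxier does not listen() on it`. The test table begins outside the hunk, so related inputs may already be covered by cases that are not visible here.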