github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-05 11:12:03 +00:00
Code Issues Projects Releases Wiki Activity

flush iptable chains first and then remove them

Browse Source 
while cleaning up ipvs mode. flushing iptable chains first and then
remove the chains. this avoids trying to remove chains that are still
referenced by rules in other chains.

fixes #70615
This commit is contained in:
Timo Derstappen
2018-11-03 11:36:14 +01:00
parent 474e27f914
commit 90d2c5ca5a
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/proxy/ipvs/proxier.go
View File

@@ -551,7 +551,7 @@ func cleanupIptablesLeftovers(ipt utiliptables.Interface) (encounteredError bool
}
}
// Flush and remove all of our chains.
// Flush and remove all of our chains. Flushing all chains before removing them also removes all links between chains first.
for _, ch := range iptablesChains {
if err := ipt.FlushChain(ch.table, ch.chain); err != nil {
if !utiliptables.IsNotFoundError(err) {
@@ -559,6 +559,10 @@ func cleanupIptablesLeftovers(ipt utiliptables.Interface) (encounteredError bool
encounteredError = true
}
}
}
// Remove all of our chains.
for _, ch := range iptablesChains {
if err := ipt.DeleteChain(ch.table, ch.chain); err != nil {
if !utiliptables.IsNotFoundError(err) {
glog.Errorf("Error removing iptables rules in ipvs proxier: %v", err)