Merge pull request #92860 from aojea/iptMonitor

iptables: don't do reverse DNS lookups
2025-07-20 10:20:51 +00:00 · 2020-07-11 20:57:02 -07:00 · 2020-07-11 20:57:02 -07:00 · fa31f9fd26
commit fa31f9fd26
parent 79ee122c18 924553b7ee
1 changed files with 4 additions and 1 deletions
--- a/pkg/util/iptables/iptables.go
+++ b/pkg/util/iptables/iptables.go
@ -607,6 +607,9 @@ func (runner *runner) chainExists(table Table, chain Chain) (bool, error) {
 	runner.mu.Lock()
 	defer runner.mu.Unlock()

+	trace := utiltrace.New("iptables Monitor CANARY check")
+	defer trace.LogIfLong(2 * time.Second)
+
 	_, err := runner.run(opListChain, fullArgs)
 	return err == nil, err
 }
@ -617,7 +620,7 @@ const (
 	opCreateChain operation = "-N"
 	opFlushChain  operation = "-F"
 	opDeleteChain operation = "-X"
-	opListChain   operation = "-L"
+	opListChain   operation = "-S"
 	opAppendRule  operation = "-A"
 	opCheckRule   operation = "-C"
 	opDeleteRule  operation = "-D"