Diffstat (limited to 'pkg/firewall')
-rw-r--r-- | pkg/firewall/common.go | 6 | ||||
-rw-r--r-- | pkg/firewall/firewall_none.go | 6 | ||||
-rw-r--r-- | pkg/firewall/iptables.go | 21 |
3 files changed, 9 insertions, 24 deletions
diff --git a/pkg/firewall/common.go b/pkg/firewall/common.go index 993c691cd..a65d4f03d 100644 --- a/pkg/firewall/common.go +++ b/pkg/firewall/common.go @@ -21,6 +21,8 @@ import ( ) // FirewallNetConf represents the firewall configuration. +// Nolint applied for firewall.Firewall... name duplication notice. +//nolint type FirewallNetConf struct { //types.NetConf @@ -33,11 +35,13 @@ type FirewallNetConf struct { // to 'trusted' FirewalldZone string - PrevResult *current.Result + PrevResult *current.Result } // FirewallBackend is an interface to the system firewall, allowing addition and // removal of firewall rules. +// Nolint applied for firewall.Firewall... name duplication notice. +//nolint type FirewallBackend interface { Add(*FirewallNetConf) error Del(*FirewallNetConf) error diff --git a/pkg/firewall/firewall_none.go b/pkg/firewall/firewall_none.go index 9f9594b4a..9add24842 100644 --- a/pkg/firewall/firewall_none.go +++ b/pkg/firewall/firewall_none.go @@ -19,8 +19,10 @@ import ( ) // FirewallNone is a firewall backend for environments where manipulating the -// system firewall is unsupported (for example, when running without root) -type FirewallNone struct {} +// system firewall is unsupported (for example, when running without root). +// Nolint applied to avoid firewall.FirewallNone name duplication notes. +//nolint +type FirewallNone struct{} func newNoneBackend() (FirewallBackend, error) { return &FirewallNone{}, nil diff --git a/pkg/firewall/iptables.go b/pkg/firewall/iptables.go index 9f065dbcf..59d81b287 100644 --- a/pkg/firewall/iptables.go +++ b/pkg/firewall/iptables.go 
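Review bot: The bare `//nolint` added above `FirewallNetConf`, and repeated above `FirewallBackend` (second common.go hunk) and `FirewallNone` (firewall_none.go), is not limited to the name-duplication notice the comment mentions; as written it appears to silence every linter for those declarations. In a package that programs firewall rules, a blanket suppression on the config struct and the backend interface can also hide later findings there, so scope it to the one check, e.g. `//nolint:golint` (or whichever linter actually reports the stutter). The rationale line sits inside the doc comment and will probably surface in godoc output; putting the reason after the directive, `//nolint:golint // firewall.FirewallNetConf stutter is intentional`, keeps the documentation clean. The struct and interface bodies continue outside these hunks, so the full extent of what is suppressed cannot be checked from here.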
@@ -51,10 +51,6 @@ func generateFilterRule(privChainName string) []string { return []string{"-m", "comment", "--comment", "CNI firewall plugin rules", "-j", privChainName} } -func generateAdminRule(adminChainName string) []string { - return []string{"-m", "comment", "--comment", "CNI firewall plugin admin overrides", "-j", adminChainName} -} - func cleanupRules(ipt *iptables.IPTables, privChainName string, rules [][]string) { for _, rule := range rules { ipt.Delete("filter", privChainName, rule...) @@ -148,23 +144,6 @@ func (ib *iptablesBackend) delRules(conf *FirewallNetConf, ipt *iptables.IPTable return nil } -func findProtos(conf *FirewallNetConf) []iptables.Protocol { - protos := []iptables.Protocol{iptables.ProtocolIPv4, iptables.ProtocolIPv6} - if conf.PrevResult != nil { - // If PrevResult is given, scan all IP addresses to figure out - // which IP versions to use - protos = []iptables.Protocol{} - for _, addr := range conf.PrevResult.IPs { - if addr.Address.IP.To4() != nil { - protos = append(protos, iptables.ProtocolIPv4) - } else { - protos = append(protos, iptables.ProtocolIPv6) - } - } - } - return protos -} - type iptablesBackend struct { protos map[iptables.Protocol]*iptables.IPTables privChainName string |