[cfgmgr/natmgrd] added disabling of NAT feature (Azure#1835) #2088
base: master
Signed-off-by: KonstiantynHalushka <Konstiantyn_Halushka@jabil.com>
/azpw run
/AzurePipelines run
Azure Pipelines successfully started running 1 pipeline(s).
@prsunny please review this PR
@KonstiantynHalushka Please address my comment.
@AkhileshSamineni Could you tell me exactly what you mean?
@@ -97,6 +97,7 @@ void sigterm_handler(int signo) | |||
|
|||
natmgr->cleanupMangleIpTables(); | |||
natmgr->cleanupPoolIpTable(); | |||
natmgr->disableNatFeature(); |
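Review bot: the added natmgr->disableNatFeature() call at the end of the cleanup sequence in sigterm_handler has no comment saying what state it tears down, and its name reads as changing the feature's state rather than removing a rule, unlike the cleanupMangleIpTables() and cleanupPoolIpTable() calls above it. If the intent is only to remove the iptables rule left behind on shutdown, say so in a one-line comment or call a routine scoped to that rule, and confirm the call is safe to make from a signal handler, since like the two calls before it it dereferences natmgr without a check.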
@KonstiantynHalushka Instead of "natmgr->disableNatFeature()", calling "natmgr->setFullConeDnatIptablesRule(DELETE);" would be appropriate.
It will clean up the 1.1.1.1 full-cone rule.
Signed-off-by: KonstiantynHalushka Konstiantyn_Halushka@jabil.com
What I did
Added disabling of NAT feature
Why I did it
IP table rule was not removed after config reload (Azure#1835)
How I verified it
```
sudo config feature state nat enabled
sudo config nat feature enable
sudo iptables -nL -t nat
target prot opt source destination
DNAT all -- 0.0.0.0/0 0.0.0.0/0 to:1.1.1.1 fullcone
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
sudo config reload
sudo iptables -nL -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
```
Details if related