Add configuration option to select iptables implementation
When running gocast in a container, the default iptables implementation may not match that used on the underlying host kernel. The current container uses the legacy iptables implementation and calls the `iptables` binary. This fails with exit code 3 when running on a host using the newer nftables implementation. The container already has `iptables-nft` binary included, so just needs a way to call this instead of the default `iptables` binary. This change implements a new `iptables_binary` config option, defaulting to `iptables`, and calls this when adding or removing NAT rules. Fixes #32 This change was written using AI LLM. Authored-By: Claude Code (Sonnet 4.5)
This commit is contained in:
Ben Roberts
@@ -8,6 +8,7 @@ import (
|
||||
)
|
||||
|
||||
var execCmd = "bash"
|
||||
var iptablesBinary = "iptables"
|
||||
|
||||
func getCmdList(mainCmd string) []string {
|
||||
cmdList := []string{}
|
||||
@@ -88,8 +89,8 @@ func deleteLoopback(addr *net.IPNet) error {
|
||||
|
||||
func natRule(op string, vip, localAddr net.IP, protocol, lport, dport string) error {
|
||||
cmd := fmt.Sprintf(
|
||||
"iptables -t nat -%s PREROUTING -p %s -d %s --dport %s -j DNAT --to-destination %s:%s",
|
||||
op, protocol, vip.String(), lport, localAddr.String(), dport,
|
||||
"%s -t nat -%s PREROUTING -p %s -d %s --dport %s -j DNAT --to-destination %s:%s",
|
||||
iptablesBinary, op, protocol, vip.String(), lport, localAddr.String(), dport,
|
||||
)
|
||||
cmdList := getCmdList(cmd)
|
||||
_, err := exec.Command(execCmd, cmdList...).Output()
|
||||
@@ -98,3 +99,10 @@ func natRule(op string, vip, localAddr net.IP, protocol, lport, dport string) er
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// SetIptablesBinary sets the iptables binary to use for NAT rules
|
||||
func SetIptablesBinary(binary string) {
|
||||
if binary != "" {
|
||||
iptablesBinary = binary
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user