Clear leftover iptables rules

canonical · Nov 12, 2024 · 0293bd9 · 0293bd9
1 parent 13689bd
commit 0293bd9
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/src/k8s/pkg/k8sd/features/cilium/cleanup.go b/src/k8s/pkg/k8sd/features/cilium/cleanup.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
+	"strings"
 
 	"github.com/canonical/k8s/pkg/snap"
 )
@@ -18,5 +19,28 @@ func CleanupNetwork(ctx context.Context, snap snap.Snap) error {
 		}
 	}
 
+	for _, cmd := range []string{"iptables", "ip6tables", "iptables-legacy", "ip6tables-legacy"} {
+		out, err := exec.Command(fmt.Sprintf("%s-save", cmd)).Output()
+		if err != nil {
+			return fmt.Errorf("failed to read iptables rules: %w", err)
+		}
+
+		lines := strings.Split(string(out), "\n")
+		for i, line := range lines {
+			for _, word := range []string{"cilium", "kube", "CILIUM", "KUBE"} {
+				if strings.Contains(line, word) {
+					lines[i] = ""
+					break
+				}
+			}
+		}
+
+		restore := exec.Command(fmt.Sprintf("%s-restore", cmd))
+		restore.Stdin = strings.NewReader(strings.Join(lines, "\n"))
+		if err := restore.Run(); err != nil {
+			return fmt.Errorf("failed to restore iptables rules: %w", err)
+		}
+	}
+
 	return nil
 }