|
@@ -83,7 +83,7 @@ type ChainError struct {
|
|
|
}
|
|
|
|
|
|
func (e ChainError) Error() string {
|
|
|
- return fmt.Sprintf("Error iptables %s: %s", e.Chain, string(e.Output))
|
|
|
+ return fmt.Sprintf("error iptables %s: %s", e.Chain, string(e.Output))
|
|
|
}
|
|
|
|
|
|
func detectIptables() {
|
|
@@ -173,7 +173,7 @@ func (iptable IPTable) LoopbackByVersion() string {
|
|
|
// ProgramChain is used to add rules to a chain
|
|
|
func (iptable IPTable) ProgramChain(c *ChainInfo, bridgeName string, hairpinMode, enable bool) error {
|
|
|
if c.Name == "" {
|
|
|
- return errors.New("Could not program chain, missing chain name")
|
|
|
+ return errors.New("could not program chain, missing chain name")
|
|
|
}
|
|
|
|
|
|
// Either add or remove the interface from the firewalld zone
|
|
@@ -198,11 +198,11 @@ func (iptable IPTable) ProgramChain(c *ChainInfo, bridgeName string, hairpinMode
|
|
|
}
|
|
|
if !iptable.Exists(Nat, "PREROUTING", preroute...) && enable {
|
|
|
if err := c.Prerouting(Append, preroute...); err != nil {
|
|
|
- return fmt.Errorf("Failed to inject %s in PREROUTING chain: %s", c.Name, err)
|
|
|
+ return fmt.Errorf("failed to inject %s in PREROUTING chain: %s", c.Name, err)
|
|
|
}
|
|
|
} else if iptable.Exists(Nat, "PREROUTING", preroute...) && !enable {
|
|
|
if err := c.Prerouting(Delete, preroute...); err != nil {
|
|
|
- return fmt.Errorf("Failed to remove %s in PREROUTING chain: %s", c.Name, err)
|
|
|
+ return fmt.Errorf("failed to remove %s in PREROUTING chain: %s", c.Name, err)
|
|
|
}
|
|
|
}
|
|
|
output := []string{
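Review bot: `iptable.Exists(Nat, "PREROUTING", preroute...)` is evaluated once in the `if` and again in the `else if`, so the two conditions can observe different rule state if the table changes between the calls, and each call presumably runs its own iptables check (Exists is not visible here). Reading it once keeps the decision consistent: `exists := iptable.Exists(Nat, "PREROUTING", preroute...)`, then `if !exists && enable {` and `} else if exists && !enable {`. The same double evaluation appears in the OUTPUT and FORWARD hunks below. The wrapped errors also format `err` with `%s`; `%w` would let callers inspect the cause with errors.Is/As, if the module's Go version allows it. ProgramChain starts and ends outside this hunk.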
|
|
@@ -215,17 +215,16 @@ func (iptable IPTable) ProgramChain(c *ChainInfo, bridgeName string, hairpinMode
|
|
|
}
|
|
|
if !iptable.Exists(Nat, "OUTPUT", output...) && enable {
|
|
|
if err := c.Output(Append, output...); err != nil {
|
|
|
- return fmt.Errorf("Failed to inject %s in OUTPUT chain: %s", c.Name, err)
|
|
|
+ return fmt.Errorf("failed to inject %s in OUTPUT chain: %s", c.Name, err)
|
|
|
}
|
|
|
} else if iptable.Exists(Nat, "OUTPUT", output...) && !enable {
|
|
|
if err := c.Output(Delete, output...); err != nil {
|
|
|
- return fmt.Errorf("Failed to inject %s in OUTPUT chain: %s", c.Name, err)
|
|
|
+ return fmt.Errorf("failed to inject %s in OUTPUT chain: %s", c.Name, err)
|
|
|
}
|
|
|
}
|
|
|
case Filter:
|
|
|
if bridgeName == "" {
|
|
|
- return fmt.Errorf("Could not program chain %s/%s, missing bridge name",
|
|
|
- c.Table, c.Name)
|
|
|
+ return fmt.Errorf("could not program chain %s/%s, missing bridge name", c.Table, c.Name)
|
|
|
}
|
|
|
link := []string{
|
|
|
"-o", bridgeName,
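Review bot: The `Delete` branch for the OUTPUT chain still reports `failed to inject %s in OUTPUT chain`, the same text as the `Append` branch above it, so a failed rule removal is reported as a failed insertion. The PREROUTING delete branch says "remove", and this one should match: `return fmt.Errorf("failed to remove %s in OUTPUT chain: %s", c.Name, err)`. The commit already rewrites this string, so fixing it here keeps NAT teardown failures distinguishable when someone investigates why a rule was left behind. ProgramChain's body continues outside the hunk.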
|
|
@@ -236,14 +235,14 @@ func (iptable IPTable) ProgramChain(c *ChainInfo, bridgeName string, hairpinMode
|
|
|
if output, err := iptable.Raw(insert...); err != nil {
|
|
|
return err
|
|
|
} else if len(output) != 0 {
|
|
|
- return fmt.Errorf("Could not create linking rule to %s/%s: %s", c.Table, c.Name, output)
|
|
|
+ return fmt.Errorf("could not create linking rule to %s/%s: %s", c.Table, c.Name, output)
|
|
|
}
|
|
|
} else if iptable.Exists(Filter, "FORWARD", link...) && !enable {
|
|
|
del := append([]string{string(Delete), "FORWARD"}, link...)
|
|
|
if output, err := iptable.Raw(del...); err != nil {
|
|
|
return err
|
|
|
} else if len(output) != 0 {
|
|
|
- return fmt.Errorf("Could not delete linking rule from %s/%s: %s", c.Table, c.Name, output)
|
|
|
+ return fmt.Errorf("could not delete linking rule from %s/%s: %s", c.Table, c.Name, output)
|
|
|
}
|
|
|
}
|
|
|
establish := []string{
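Review bot: The `return err` paths after `iptable.Raw(insert...)` and `iptable.Raw(del...)` hand the error back bare, while the non-empty-output branches directly below them name the table and chain, so a failed FORWARD change gives the caller no hint which rule was involved. Wrapping it the same way would help, e.g. `return fmt.Errorf("could not create linking rule to %s/%s: %w", c.Table, c.Name, err)` (assuming the module's Go version supports `%w`). The establish-rule hunk that follows has the same two bare returns. The enclosing `if` that guards the insert starts above this hunk.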
|
|
@@ -257,14 +256,14 @@ func (iptable IPTable) ProgramChain(c *ChainInfo, bridgeName string, hairpinMode
|
|
|
if output, err := iptable.Raw(insert...); err != nil {
|
|
|
return err
|
|
|
} else if len(output) != 0 {
|
|
|
- return fmt.Errorf("Could not create establish rule to %s: %s", c.Table, output)
|
|
|
+ return fmt.Errorf("could not create establish rule to %s: %s", c.Table, output)
|
|
|
}
|
|
|
} else if iptable.Exists(Filter, "FORWARD", establish...) && !enable {
|
|
|
del := append([]string{string(Delete), "FORWARD"}, establish...)
|
|
|
if output, err := iptable.Raw(del...); err != nil {
|
|
|
return err
|
|
|
} else if len(output) != 0 {
|
|
|
- return fmt.Errorf("Could not delete establish rule from %s: %s", c.Table, output)
|
|
|
+ return fmt.Errorf("could not delete establish rule from %s: %s", c.Table, output)
|
|
|
}
|
|
|
}
|
|
|
}
|