diff --git a/libnetwork/iptables/conntrack.go b/libnetwork/iptables/conntrack.go
index 8737afcfa2..83e4a338d1 100644
--- a/libnetwork/iptables/conntrack.go
+++ b/libnetwork/iptables/conntrack.go
@@ -14,10 +14,8 @@ import (
 "github.com/vishvananda/netlink"
 )
 
-var (
- // ErrConntrackNotConfigurable means that conntrack module is not loaded or does not have the netlink module loaded
- ErrConntrackNotConfigurable = errors.New("conntrack is not available")
-)
+// ErrConntrackNotConfigurable means that conntrack module is not loaded or does not have the netlink module loaded
+var ErrConntrackNotConfigurable = errors.New("conntrack is not available")
 
 // IsConntrackProgrammable returns true if the handle supports the NETLINK_NETFILTER and the base modules are loaded
 func IsConntrackProgrammable(nlh *netlink.Handle) bool {
diff --git a/libnetwork/iptables/firewalld_test.go b/libnetwork/iptables/firewalld_test.go
index 9e4ef87195..77c175c630 100644
--- a/libnetwork/iptables/firewalld_test.go
+++ b/libnetwork/iptables/firewalld_test.go
@@ -56,7 +56,8 @@ func TestReloaded(t *testing.T) {
 "-s", ip1.String(),
 "-d", ip2.String(),
 "--dport", strconv.Itoa(port),
- "-j", "ACCEPT"}
+ "-j", "ACCEPT",
+ }
 
 if !iptable.Exists(fwdChain.Table, fwdChain.Name, rule1...) {
 t.Fatal("rule1 does not exist")
@@ -78,7 +79,8 @@ func TestPassthrough(t *testing.T) {
 "-i", "lo",
 "-p", "udp",
 "--dport", "123",
- "-j", "ACCEPT"}
+ "-j", "ACCEPT",
+ }
 
 iptable := GetIptable(IPv4)
 if firewalldRunning {
diff --git a/libnetwork/iptables/iptables.go b/libnetwork/iptables/iptables.go
index baca163278..82b89e4f6e 100644
--- a/libnetwork/iptables/iptables.go
+++ b/libnetwork/iptables/iptables.go
@@ -198,7 +198,8 @@ func (iptable IPTable) ProgramChain(c *ChainInfo, bridgeName string, hairpinMode
 preroute := []string{
 "-m", "addrtype",
 "--dst-type", "LOCAL",
- "-j", c.Name}
+ "-j", c.Name,
+ }
 if !iptable.Exists(Nat, "PREROUTING", preroute...) && enable {
 if err := c.Prerouting(Append, preroute...); err != nil {
 return fmt.Errorf("Failed to inject %s in PREROUTING chain: %s", c.Name, err)
@@ -211,7 +212,8 @@ func (iptable IPTable) ProgramChain(c *ChainInfo, bridgeName string, hairpinMode
 output := []string{
 "-m", "addrtype",
 "--dst-type", "LOCAL",
- "-j", c.Name}
+ "-j", c.Name,
+ }
 if !hairpinMode {
 output = append(output, "!", "--dst", iptable.LoopbackByVersion())
 }
@@ -231,7 +233,8 @@ func (iptable IPTable) ProgramChain(c *ChainInfo, bridgeName string, hairpinMode
 }
 link := []string{
 "-o", bridgeName,
- "-j", c.Name}
+ "-j", c.Name,
+ }
 if !iptable.Exists(Filter, "FORWARD", link...) && enable {
 insert := append([]string{string(Insert), "FORWARD"}, link...)
 if output, err := iptable.Raw(insert...); err != nil {
@@ -251,7 +254,8 @@ func (iptable IPTable) ProgramChain(c *ChainInfo, bridgeName string, hairpinMode
 "-o", bridgeName,
 "-m", "conntrack",
 "--ctstate", "RELATED,ESTABLISHED",
- "-j", "ACCEPT"}
+ "-j", "ACCEPT",
+ }
 if !iptable.Exists(Filter, "FORWARD", establish...) && enable {
 insert := append([]string{string(Insert), "FORWARD"}, establish...)
 if output, err := iptable.Raw(insert...); err != nil {
@@ -300,7 +304,8 @@ func (c *ChainInfo) Forward(action Action, ip net.IP, port int, proto, destAddr
 "-d", daddr,
 "--dport", strconv.Itoa(port),
 "-j", "DNAT",
- "--to-destination", net.JoinHostPort(destAddr, strconv.Itoa(destPort))}
+ "--to-destination", net.JoinHostPort(destAddr, strconv.Itoa(destPort)),
+ }
 
 if !c.HairpinMode {
 args = append(args, "!", "-i", bridgeName)
diff --git a/libnetwork/iptables/iptables_test.go b/libnetwork/iptables/iptables_test.go
index decf948033..c7a2fd36fd 100644
--- a/libnetwork/iptables/iptables_test.go
+++ b/libnetwork/iptables/iptables_test.go
@@ -119,7 +119,8 @@ func TestLink(t *testing.T) {
 "-s", ip1.String(),
 "-d", ip2.String(),
 "--dport", strconv.Itoa(port),
- "-j", "ACCEPT"}
+ "-j", "ACCEPT",
+ }
 
 if !iptable.Exists(filterChain.Table, filterChain.Name, rule1...) {
 t.Fatal("rule1 does not exist")
@@ -132,7 +133,8 @@ func TestLink(t *testing.T) {
 "-s", ip2.String(),
 "-d", ip1.String(),
 "--sport", strconv.Itoa(port),
- "-j", "ACCEPT"}
+ "-j", "ACCEPT",
+ }
 
 if !iptable.Exists(filterChain.Table, filterChain.Name, rule2...) {
 t.Fatal("rule2 does not exist")
@@ -142,10 +144,7 @@ func TestLink(t *testing.T) {
 func TestPrerouting(t *testing.T) {
 iptable, natChain, _ := createNewChain(t)
 
- args := []string{
- "-i", "lo",
- "-d", "192.168.1.1"}
-
+ args := []string{"-i", "lo", "-d", "192.168.1.1"}
 err := natChain.Prerouting(Insert, args...)
 if err != nil {
 t.Fatal(err)
@@ -164,10 +163,7 @@ func TestPrerouting(t *testing.T) {
 func TestOutput(t *testing.T) {
 iptable, natChain, _ := createNewChain(t)
 
- args := []string{
- "-o", "lo",
- "-d", "192.168.1.1"}
-
+ args := []string{"-o", "lo", "-d", "192.168.1.1"}
 err := natChain.Output(Insert, args...)
 if err != nil {
 t.Fatal(err)
@@ -177,8 +173,10 @@ func TestOutput(t *testing.T) {
 t.Fatal("rule does not exist")
 }
 
- delRule := append([]string{"-D", "OUTPUT", "-t",
- string(natChain.Table)}, args...)
+ delRule := append([]string{
+ "-D", "OUTPUT", "-t",
+ string(natChain.Table),
+ }, args...)
 if _, err = iptable.Raw(delRule...); err != nil {
 t.Fatal(err)
 }
@@ -227,10 +225,12 @@ func TestCleanup(t *testing.T) {
 var rules []byte
 
 // Cleanup filter/FORWARD first otherwise output of iptables-save is dirty
- link := []string{"-t", string(filterChain.Table),
+ link := []string{
+ "-t", string(filterChain.Table),
 string(Delete), "FORWARD",
 "-o", bridgeName,
- "-j", filterChain.Name}
+ "-j", filterChain.Name,
+ }
 
 if _, err := iptable.Raw(link...); err != nil {
 t.Fatal(err)