fix(firewall): iptables support detection

- Add dummy rule to `INPUT` to test for iptables support - This may resolve #896
2022-03-30 08:39:32 +00:00
parent 179274ade0
commit 20f20f051b
4 changed files with 77 additions and 48 deletions
--- a/internal/firewall/ip6tables.go
+++ b/internal/firewall/ip6tables.go
@@ -14,23 +14,14 @@ import (
 // and returns the iptables path that is supported. If none work, an
 // empty string path is returned.
 func findIP6tablesSupported(ctx context.Context, runner command.Runner) (
-	ip6tablesPath string) {
-	binsToTry := []string{"ip6tables", "ip6tables-nft"}
-
-	var err error
-	for _, ip6tablesPath = range binsToTry {
-		cmd := exec.CommandContext(ctx, ip6tablesPath, "-L")
-		_, err = runner.Run(cmd)
-		if err == nil {
-			break
-		}
+	ip6tablesPath string, err error) {
+	ip6tablesPath, err = checkIptablesSupport(ctx, runner, "ip6tables", "ip6tables-nft")
+	if errors.Is(err, ErrIPTablesNotSupported) {
+		return "", nil
+	} else if err != nil {
+		return "", err
 	}
-
-	if err != nil {
-		return ""
-	}
-
-	return ip6tablesPath
+	return ip6tablesPath, nil
 }

 func (c *Config) runIP6tablesInstructions(ctx context.Context, instructions []string) error {