christarazi/iptables-block-etcd.sh

## iptables-block-etcd.sh
#!/bin/bash

set -eu

pod="${1}"   # Cilium pod name (e.g. cilium-2341d)
op="${2}"    # iptables operation (e.g. append or delete)
etcd="${3}"  # Etcd node IP to apply iptable rules to (e.g. hostname or IP addr)

if [[ "${op}" == "append" ]]; then
    op="-A"
else
    op="-D"
fi

set -x
kubectl -n kube-system exec -it "${pod}" -- bash -c "
iptables ${op} INPUT  -s ${etcd} -p TCP --sport 2379 -j DROP
iptables ${op} OUTPUT -d ${etcd} -p TCP --dport 2379 -j DROP
"
set +x
	#!/bin/bash

	set -eu

	pod="${1}" # Cilium pod name (e.g. cilium-2341d)
	op="${2}" # iptables operation (e.g. append or delete)
	etcd="${3}" # Etcd node IP to apply iptable rules to (e.g. hostname or IP addr)

	if [[ "${op}" == "append" ]]; then
	op="-A"
	else
	op="-D"
	fi

	set -x
	kubectl -n kube-system exec -it "${pod}" -- bash -c "
	iptables ${op} INPUT -s ${etcd} -p TCP --sport 2379 -j DROP
	iptables ${op} OUTPUT -d ${etcd} -p TCP --dport 2379 -j DROP
	"
	set +x