Created
May 13, 2020 09:12
-
-
Save darabi/3c4de2681aa1cbeed9b9e7647a19f371 to your computer and use it in GitHub Desktop.
Shorewall stop script which backs up Kubernetes and Cilium iptables chains
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # the idea is not mine: | |
| # | |
| # https://blog.discourse.org/2015/11/shorewalldocker-two-great-tastes-that-taste-great-together/# | |
| # | |
| BACKUP=/etc/shorewall/kubernetes_rules | |
| # Kubernetes adds its own chains e.g. KUBE-SERVICES | |
| if iptables -t filter -L KUBE-SERVICES >/dev/null 2>&1; then | |
| echo Backup Kubernetes specific rules | |
| # nat table | |
| echo '*nat' > $BACKUP | |
| # k8s rules start with KUBE- | |
| iptables -t nat -S | grep -- '-[AN] KUBE-' >> $BACKUP | |
| # Cilium rules start with CILIUM | |
| iptables -t nat -S | grep -- '-[AN] CILIUM' >> $BACKUP | |
| echo 'COMMIT' >> $BACKUP | |
| # filter table | |
| echo '*filter' >> $BACKUP | |
| # k8s rules start with KUBE- | |
| iptables -t filter -S | grep -- '-[AN] KUBE-' >> $BACKUP | |
| # Cilium rules start with CILIUM | |
| iptables -t filter -S | grep -- '-[AN] CILIUM' >> $BACKUP | |
| echo 'COMMIT' >> $BACKUP | |
| # now Cilium mangle (Kubernetes doesn't seem to use mangle) | |
| echo '*mangle' >> $BACKUP | |
| iptables -t mangle -S | grep -- '-[AN] CILIUM' >> $BACKUP | |
| echo 'COMMIT' >> $BACKUP | |
| # and Cilium raw (Kubernetes doesn't seem to use raw) | |
| echo '*raw' >> $BACKUP | |
| iptables -t raw -S | grep -- '-[AN] CILIUM' >> $BACKUP | |
| echo 'COMMIT' >> $BACKUP | |
| fi | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment