FIREWALL_DEBUG variable, refers to #190, #194

internal/firewall/firewall.go

@@ -21,6 +21,7 @@ type Configurator interface {
 	SetAllowedPort(ctx context.Context, port uint16) error
 	RemoveAllowedPort(ctx context.Context, port uint16) (err error)
 	SetPortForward(ctx context.Context, port uint16) (err error)
+	SetDebug()
 }
 
 type configurator struct { //nolint:maligned
@@ -29,6 +30,7 @@ type configurator struct { //nolint:maligned
 	routing       routing.Routing
 	fileManager   files.FileManager // for custom iptables rules
 	iptablesMutex sync.Mutex
+	debug         bool
 
 	// State
 	enabled        bool
@@ -49,3 +51,7 @@ func NewConfigurator(logger logging.Logger, routing routing.Routing, fileManager
 		allowedPorts: make(map[uint16]struct{}),
 	}
 }
+
+func (c *configurator) SetDebug() {
+	c.debug = true
+}

internal/firewall/iptables.go

@@ -57,6 +57,9 @@ func (c *configurator) runIptablesInstructions(ctx context.Context, instructions
 func (c *configurator) runIptablesInstruction(ctx context.Context, instruction string) error {
 	c.iptablesMutex.Lock() // only one iptables command at once
 	defer c.iptablesMutex.Unlock()
+	if c.debug {
+		fmt.Printf("iptables %s\n", instruction)
+	}
 	flags := strings.Fields(instruction)
 	if output, err := c.commander.Run(ctx, "iptables", flags...); err != nil {
 		return fmt.Errorf("failed executing \"iptables %s\": %s: %w", instruction, output, err)