From 3d6d03b32738ac80e71d9e4b9bb1b8c4318fa7ea Mon Sep 17 00:00:00 2001 From: Quentin McGaw Date: Sat, 5 Oct 2024 07:52:30 +0000 Subject: [PATCH] fix(firewall): log warning if ipv6 nat filter not supported instead of returning an error - Allow to port forward redirect for IPv4 and not IPv6 if IPv6 NAT is not supported - Fix #2503 --- internal/firewall/interfaces.go | 1 + internal/firewall/iptables.go | 7 +++++++ internal/firewall/mocks_test.go | 12 ++++++++++++ 3 files changed, 20 insertions(+) diff --git a/internal/firewall/interfaces.go b/internal/firewall/interfaces.go index 768f38e2..5f91760a 100644 --- a/internal/firewall/interfaces.go +++ b/internal/firewall/interfaces.go @@ -9,5 +9,6 @@ type CmdRunner interface { type Logger interface { Debug(s string) Info(s string) + Warn(s string) Error(s string) } diff --git a/internal/firewall/iptables.go b/internal/firewall/iptables.go index b5297f66..2034462b 100644 --- a/internal/firewall/iptables.go +++ b/internal/firewall/iptables.go @@ -239,6 +239,13 @@ func (c *Config) redirectPort(ctx context.Context, intf string, appendOrDelete(remove), interfaceFlag, destinationPort), }) if err != nil { + errMessage := err.Error() + if strings.Contains(errMessage, "can't initialize ip6tables table `nat': Table does not exist") { + if !remove { + c.logger.Warn("IPv6 port redirection disabled because your kernel does not support IPv6 NAT: " + errMessage) + } + return nil + } return fmt.Errorf("redirecting IPv6 source port %d to destination port %d on interface %s: %w", sourcePort, destinationPort, intf, err) } diff --git a/internal/firewall/mocks_test.go b/internal/firewall/mocks_test.go index 4490a904..a46ba5b1 100644 --- a/internal/firewall/mocks_test.go +++ b/internal/firewall/mocks_test.go @@ -107,3 +107,15 @@ func (mr *MockLoggerMockRecorder) Info(arg0 interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Info", reflect.TypeOf((*MockLogger)(nil).Info), arg0) } + +// Warn mocks base method. +func (m *MockLogger) Warn(arg0 string) { + m.ctrl.T.Helper() + m.ctrl.Call(m, "Warn", arg0) +} + +// Warn indicates an expected call of Warn. +func (mr *MockLoggerMockRecorder) Warn(arg0 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Warn", reflect.TypeOf((*MockLogger)(nil).Warn), arg0) +}