Last active
July 4, 2020 17:20
A quick 'n dirty script to remove the iptables redirection for ports 80 and 443 of k3s from one IP. Substitute the IP in ADD_LINE with the one you don't want k3s to redirect. Add the script as "ExecStartPost" to /etc/systemd/system/k3s.service.
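#!/bin/bash
#############################
# Author: Till Wiese/m3adow #
#############################
# Adds a "! -d <IP>" match to the CNI-DN-* rules for TCP ports 80 and 443, so
# that traffic addressed to that IP is no longer caught by those rules.
# Usage: <script> [-w]    (-w: keep polling until a CNI-DN-* chain exists)

# Abort on failing commands, unset variables and failing pipeline stages.
set -euo pipefail
# Trace every command to stderr. NOTE(review): when the script runs from the
# k3s unit this trace presumably ends up in the journal; drop it once the
# script is known to work.
set -x

# 0 = look for the chain once; 1 = keep polling until it exists (set by -w).
LOOP_UNTIL=0
# Fragment that sits between the chain name and the port in the saved rules.
readonly PREPORT_LINE="-p tcp -m tcp --dport"
# Match appended to the port 80/443 rules. This text is written into a rule
# file that is loaded with iptables-restore, so keep it a trusted, hard-coded
# value and never fill it from external input.
readonly ADD_LINE="! -d 192.168.1.10"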
change_rules () { | |
RULEFILE="$(mktemp)" | |
iptables-save > ${RULEFILE} | |
# Extract the full CNI-DN name | |
CNI_DN="$(grep -P ':CNI-DN' ${RULEFILE} | head -1 | grep -oP 'CNI-DN-\w+')" | |
for MYPORT in 80 443 | |
do | |
perl -p -i -e "s/(-A ${CNI_DN} ${PREPORT_LINE} ${MYPORT})/\1 ${ADD_LINE}/" ${RULEFILE} | |
done | |
iptables-restore ${RULEFILE} | |
rm ${RULEFILE} | |
} | |
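# Option parsing: -w switches the script into "wait until the chain exists"
# mode by setting LOOP_UNTIL to 1.
while getopts "w" opt; do
  case "${opt}" in
    w)
      LOOP_UNTIL=1
      ;;
    *)
      # Any other option has already been reported on stderr by getopts and
      # is otherwise ignored, so the script still runs with its defaults.
      ;;
  esac
done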
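# Fail loudly when the ruleset cannot be read at all. Otherwise that case
# looks exactly like "chain not created yet": the exemption would be skipped
# silently, or the script would poll forever when started with -w.
if ! iptables-save > /dev/null; then
  printf '%s\n' "iptables-save failed; rules left unchanged" >&2
  exit 1
fi

# Apply the rule change once a CNI-DN-* chain exists. Without -w the chain is
# looked up a single time; with -w the lookup repeats every second.
# NOTE(review): the -w wait has no upper bound of its own. When the script is
# run as ExecStartPost, the unit's start timeout is presumably the only limit.
while true; do
  # Extract the full CNI-DN name.
  # The pipeline exits non-zero while no chain exists; "|| true" confines the
  # tolerated failure to this one command instead of toggling "set -e".
  CNI_DN="$(iptables-save | grep -P ':CNI-DN' | head -1 | grep -oP 'CNI-DN-\w+')" || true

  if [[ -n "${CNI_DN}" ]]; then
    change_rules
  elif [[ "${LOOP_UNTIL}" == 1 ]]; then
    sleep 1
    continue
  fi
  break
done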