Fix docker build

2026-04-16 15:26:40 +00:00 · 2023-03-22 17:20:38 +04:00
parent 64ad771099
commit 9eb5de6d62
3 changed files with 31 additions and 29 deletions
--- a/client/firewall/iptables/manager_linux.go
+++ b/client/firewall/iptables/manager_linux.go
@@ -63,16 +63,9 @@ func (m *Manager) AddFiltering(
 	m.mutex.Lock()
 	defer m.mutex.Unlock()

-	client := m.client(ip)
-	ok, err := client.ChainExists("filter", ChainFilterName)
+	client, err := m.clientWithChain(ip)
 	if err != nil {
-		return nil, fmt.Errorf("failed to check if chain exists: %s", err)
-	}
-
-	if !ok {
-		if err := client.NewChain("filter", ChainFilterName); err != nil {
-			return nil, fmt.Errorf("failed to create chain: %s", err)
-		}
+		return nil, err
 	}

 	var portValue string
@@ -173,6 +166,27 @@ func (m *Manager) client(ip net.IP) *iptables.IPTables {
 	return m.ipv6Client
 }

+// clientWithChain returns client with initialized chain and default rules
+func (m *Manager) clientWithChain(ip net.IP) (*iptables.IPTables, error) {
+	client := m.client(ip)
+	ok, err := client.ChainExists("filter", ChainFilterName)
+	if err != nil {
+		return nil, fmt.Errorf("failed to check if chain exists: %s", err)
+	}
+
+	if !ok {
+		if err := client.NewChain("filter", ChainFilterName); err != nil {
+			return nil, fmt.Errorf("failed to create chain: %s", err)
+		}
+
+		specs := []string{"-p", "icmp", "--icmp-type", "echo-request", "-j", "ACCEPT"}
+		if err := client.Insert("input", ChainFilterName, 1, specs...); err != nil {
+			return nil, fmt.Errorf("failed to create chain: %s", err)
+		}
+	}
+	return client, nil
+}
+
 func (m *Manager) actionToStr(action fw.Action) string {
 	if action == fw.ActionAccept {
 		return "ACCEPT"
--- a/client/internal/firewall.go
+++ b/client/internal/firewall.go
@@ -1,5 +1,3 @@
-//go:build !linux
-
 package internal

 import (
@@ -7,8 +5,15 @@ import (
 	"runtime"

 	"github.com/netbirdio/netbird/client/firewall"
+	"github.com/netbirdio/netbird/client/firewall/iptables"
 )

 func buildFirewallManager() (fw firewall.Manager, err error) {
-	return nil, fmt.Errorf("not implemented for this OS: %s", runtime.GOOS)
+	switch runtime.GOOS {
+	case "linux":
+		return iptables.Create()
+
+	default:
+		return nil, fmt.Errorf("not implemented for this OS: %s", runtime.GOOS)
+	}
 }
--- a/client/internal/firewall_linux.go
+++ b/client/internal/firewall_linux.go
@@ -1,17 +0,0 @@
-package internal
-
-import (
-	"fmt"
-
-	"github.com/netbirdio/netbird/client/firewall"
-	"github.com/netbirdio/netbird/client/firewall/iptables"
-)
-
-func buildFirewallManager() (fw firewall.Manager, err error) {
-	fw, err = iptables.Create()
-	if err != nil {
-		// TODO: handle init nftables manager when it will be implemented
-		return nil, fmt.Errorf("create iptables manager: %w", err)
-	}
-	return fw, nil
-}