Fix docker build

2026-04-19 08:46:38 +00:00 · 2023-03-22 17:20:38 +04:00
parent 64ad771099
commit 9eb5de6d62
3 changed files with 31 additions and 29 deletions
--- a/client/firewall/iptables/manager_linux.go
+++ b/client/firewall/iptables/manager_linux.go
@@ -63,16 +63,9 @@ func (m *Manager) AddFiltering(
 	m.mutex.Lock()
 	defer m.mutex.Unlock()

-	client := m.client(ip)
-	ok, err := client.ChainExists("filter", ChainFilterName)
+	client, err := m.clientWithChain(ip)
 	if err != nil {
-		return nil, fmt.Errorf("failed to check if chain exists: %s", err)
-	}
-
-	if !ok {
-		if err := client.NewChain("filter", ChainFilterName); err != nil {
-			return nil, fmt.Errorf("failed to create chain: %s", err)
-		}
+		return nil, err
 	}

 	var portValue string
@@ -173,6 +166,27 @@ func (m *Manager) client(ip net.IP) *iptables.IPTables {
 	return m.ipv6Client
 }

+// clientWithChain returns client with initialized chain and default rules
+func (m *Manager) clientWithChain(ip net.IP) (*iptables.IPTables, error) {
+	client := m.client(ip)
+	ok, err := client.ChainExists("filter", ChainFilterName)
+	if err != nil {
+		return nil, fmt.Errorf("failed to check if chain exists: %s", err)
+	}
+
+	if !ok {
+		if err := client.NewChain("filter", ChainFilterName); err != nil {
+			return nil, fmt.Errorf("failed to create chain: %s", err)
+		}
+
+		specs := []string{"-p", "icmp", "--icmp-type", "echo-request", "-j", "ACCEPT"}
+		if err := client.Insert("input", ChainFilterName, 1, specs...); err != nil {
+			return nil, fmt.Errorf("failed to create chain: %s", err)
+		}
+	}
+	return client, nil
+}
+
 func (m *Manager) actionToStr(action fw.Action) string {
 	if action == fw.ActionAccept {
 		return "ACCEPT"