gardener / ops-toolbelt

Useful tools and operations guide for gardener landscapes
Apache License 2.0

wireguard and iptables #46

Closed mandelsoft closed 3 years ago

mandelsoft commented 3 years ago

What would you like to be added:

Please add the wg (wireguard) command and a simple script command:

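#!/bin/bash
# Prefix every iptables-save line with the table it belongs to, then grep.
table=
iptables-save | while IFS= read -r line; do
  # Table headers start with "*" (e.g. "*nat"); remember the current one.
  if [ "${line#\**}" != "$line" ]; then
    table="$line"
  else
    echo "$table: $line"
  fi
done | grep "$@"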

It can be used to simplify the analysis of iptables entries.

Thanks

Why is this needed:

neo-liang-sap commented 3 years ago

/assign

neo-liang-sap commented 3 years ago

Hi @mandelsoft, I was trying to test your iptables script locally before adding it and found something. I wrote a shell script with the same content and ran it like this:

➜  /tmp vim ip.sh
➜  /tmp chmod +x ip.sh
➜  /tmp ./ip.sh
./ip.sh: line 3: iptables-save: command not found
usage: grep [-abcDEFGHhIiJLlmnOoqRSsUVvwxZ] [-A num] [-B num] [-C[num]]
    [-e pattern] [-f file] [--binary-files=value] [--color=when]
    [--context[=num]] [--directories=action] [--label] [--line-buffered]
    [--null] [pattern] [file ...]

Is there anything wrong on my side? I'm using a Mac and my shell is zsh.

 /tmp echo $SHELL
/bin/zsh
/tmp cat ip.sh
#!/bin/bash
table=
iptables-save | while IFS= read -r line; do
  if [ "${line#\**}" != "$line" ]; then
    table="$line"
  else
    echo "$table: $line"
  fi
done | grep "$@"

petersutter commented 3 years ago

@neo-liang-sap I guess you have to try it from within the ops-toolbelt

neo-liang-sap commented 3 years ago

Hi @petersutter, thanks. I built them from the image: first I ran .ci/build and then I ran

➜  ops-toolbelt git:(issue-46) ✗ docker build -f generated_dockerfiles/ops-toolbelt.dockerfile -t opsbelt_neo2 .
Sending build context to Docker daemon  1.476MB
Error response from daemon: dockerfile parse error line 27: unknown instruction: IPTABLES-SAVE

I got the exact same error.

mandelsoft commented 3 years ago

Maybe you also have to install `iptables-save`. This would be useful, anyway. It must be run under root.

petersutter commented 3 years ago

Maybe it makes sense to have this script lazy-load/install the required components during runtime. This way we can keep the image small but can still extend it in a lightweight manner.

neo-liang-sap commented 3 years ago

PR https://github.com/gardener/ops-toolbelt/pull/47 is opened
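
A variant of the script requested in this issue, with preflight checks for the failures seen in the thread (no grep pattern, missing iptables-save, not running as root). This is an added example, not code from the issue or from the ops-toolbelt repository; the names iptgrep, prefix_tables, demo and SAMPLE and the sample rules are assumptions made for illustration.

```shell
#!/bin/bash
# Added example; iptgrep, prefix_tables, demo and SAMPLE are hypothetical names.

# Read iptables-save output on stdin; print each line prefixed with its table.
prefix_tables() {
  table=
  while IFS= read -r line; do
    case "$line" in
      \**) table="$line" ;;            # "*nat", "*filter": start of a table section
      '#'*|COMMIT|'') ;;               # drop comments, COMMIT markers, blank lines
      *) printf '%s: %s\n' "$table" "$line" ;;
    esac
  done
}

# Preflight checks for the failure modes in the thread, then filter live rules.
iptgrep() {
  if [ "$#" -eq 0 ]; then              # a bare grep would only print its usage text
    echo "usage: iptgrep [grep options] pattern" >&2
    return 2
  fi
  if ! command -v iptables-save >/dev/null 2>&1; then
    echo "iptgrep: iptables-save not found (is iptables installed?)" >&2
    return 127
  fi
  if [ "$(id -u)" -ne 0 ]; then
    echo "iptgrep: must be run as root" >&2
    return 1
  fi
  iptables-save | prefix_tables | grep "$@"
}

# Constructed sample in iptables-save format, so the parser can be tried offline.
SAMPLE='# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i wg0 -j ACCEPT
-A FORWARD -i wg0 -o eth0 -j ACCEPT
COMMIT'

demo() { printf '%s\n' "$SAMPLE" | prefix_tables | grep "$@"; }

# When run as a script with arguments, query the live rule set.
if [ "$#" -gt 0 ]; then iptgrep "$@"; fi
```

Unlike the original, this variant drops the comment and COMMIT lines instead of printing them with a table prefix.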