project-lakitu/app-containers/docker-test/files/docker-25.0.2-Remove-iptables-flush.patch - cos/overlays/board-overlays - Git at Google

 From e47d79634555f6fd879b2ec4930d9a0ab14d8fab Mon Sep 17 00:00:00 2001
 From: Chenglong Tang <chenglongtang@google.com>
 Date: Tue, 10 Dec 2024 19:50:33 +0000
 Subject: [PATCH] Reset firwall after iptables flush

 Flushing iptables locks us out of SSH and makes the DUT pingable, but
 non-sshable. Re-initialize firewall after flush.
 ---
  integration/daemon/daemon_test.go   | 2 ++
  integration/network/helpers.go      | 2 ++
  integration/network/service_test.go | 2 ++
  3 files changed, 6 insertions(+)

 diff --git a/integration/daemon/daemon_test.go b/integration/daemon/daemon_test.go
 index e7605b2b23..82ea9b097f 100644
 --- a/integration/daemon/daemon_test.go
 +++ b/integration/daemon/daemon_test.go
 @@ -628,4 +628,6 @@ func deleteInterface(t *testing.T, ifName string) {
  	icmd.RunCommand("ip", "link", "delete", ifName).Assert(t, icmd.Success)
  	icmd.RunCommand("iptables", "-t", "nat", "--flush").Assert(t, icmd.Success)
  	icmd.RunCommand("iptables", "--flush").Assert(t, icmd.Success)
 +	icmd.RunCommand("/usr/share/cloud/iptables-setup").Assert(t, icmd.Success)
 +	icmd.RunCommand("iptables", "-A", "INPUT", "-p", "tcp", "--dport", "22", "-j", "ACCEPT", "-w").Assert(t, icmd.Success)
  }
 diff --git a/integration/network/helpers.go b/integration/network/helpers.go
 index f297c15aa0..f192429e63 100644
 --- a/integration/network/helpers.go
 +++ b/integration/network/helpers.go
 @@ -34,6 +34,8 @@ func DeleteInterface(ctx context.Context, t *testing.T, ifName string) {
  	testutil.RunCommand(ctx, "ip", "link", "delete", ifName).Assert(t, icmd.Success)
  	testutil.RunCommand(ctx, "iptables", "-t", "nat", "--flush").Assert(t, icmd.Success)
  	testutil.RunCommand(ctx, "iptables", "--flush").Assert(t, icmd.Success)
 +	testutil.RunCommand(ctx, "/usr/share/cloud/iptables-setup").Assert(t, icmd.Success)
 +	testutil.RunCommand(ctx, "iptables", "-A", "INPUT", "-p", "tcp", "--dport", "22", "-j", "ACCEPT", "-w").Assert(t, icmd.Success)
  }

  // LinkExists verifies that a link exists
 diff --git a/integration/network/service_test.go b/integration/network/service_test.go
 index e76a9f0c75..d2498499e2 100644
 --- a/integration/network/service_test.go
 +++ b/integration/network/service_test.go
 @@ -24,6 +24,8 @@ func delInterface(ctx context.Context, t *testing.T, ifName string) {
  	testutil.RunCommand(ctx, "ip", "link", "delete", ifName).Assert(t, icmd.Success)
  	testutil.RunCommand(ctx, "iptables", "-t", "nat", "--flush").Assert(t, icmd.Success)
  	testutil.RunCommand(ctx, "iptables", "--flush").Assert(t, icmd.Success)
 +	testutil.RunCommand(ctx, "/usr/share/cloud/iptables-setup").Assert(t, icmd.Success)
 +	testutil.RunCommand(ctx, "iptables", "-A", "INPUT", "-p", "tcp", "--dport", "22", "-j", "ACCEPT", "-w").Assert(t, icmd.Success)
  }

  func TestDaemonRestartWithLiveRestore(t *testing.T) {
	From e47d79634555f6fd879b2ec4930d9a0ab14d8fab Mon Sep 17 00:00:00 2001
	From: Chenglong Tang <chenglongtang@google.com>
	Date: Tue, 10 Dec 2024 19:50:33 +0000
	Subject: [PATCH] Reset firwall after iptables flush

	Flushing iptables locks us out of SSH and makes the DUT pingable, but
	non-sshable. Re-initialize firewall after flush.
	---
	integration/daemon/daemon_test.go \| 2 ++
	integration/network/helpers.go \| 2 ++
	integration/network/service_test.go \| 2 ++
	3 files changed, 6 insertions(+)

	diff --git a/integration/daemon/daemon_test.go b/integration/daemon/daemon_test.go
	index e7605b2b23..82ea9b097f 100644
	--- a/integration/daemon/daemon_test.go
	+++ b/integration/daemon/daemon_test.go
	@@ -628,4 +628,6 @@ func deleteInterface(t *testing.T, ifName string) {
	icmd.RunCommand("ip", "link", "delete", ifName).Assert(t, icmd.Success)
	icmd.RunCommand("iptables", "-t", "nat", "--flush").Assert(t, icmd.Success)
	icmd.RunCommand("iptables", "--flush").Assert(t, icmd.Success)
	+ icmd.RunCommand("/usr/share/cloud/iptables-setup").Assert(t, icmd.Success)
	+ icmd.RunCommand("iptables", "-A", "INPUT", "-p", "tcp", "--dport", "22", "-j", "ACCEPT", "-w").Assert(t, icmd.Success)
	}
	diff --git a/integration/network/helpers.go b/integration/network/helpers.go
	index f297c15aa0..f192429e63 100644
	--- a/integration/network/helpers.go
	+++ b/integration/network/helpers.go
	@@ -34,6 +34,8 @@ func DeleteInterface(ctx context.Context, t *testing.T, ifName string) {
	testutil.RunCommand(ctx, "ip", "link", "delete", ifName).Assert(t, icmd.Success)
	testutil.RunCommand(ctx, "iptables", "-t", "nat", "--flush").Assert(t, icmd.Success)
	testutil.RunCommand(ctx, "iptables", "--flush").Assert(t, icmd.Success)
	+ testutil.RunCommand(ctx, "/usr/share/cloud/iptables-setup").Assert(t, icmd.Success)
	+ testutil.RunCommand(ctx, "iptables", "-A", "INPUT", "-p", "tcp", "--dport", "22", "-j", "ACCEPT", "-w").Assert(t, icmd.Success)
	}

	// LinkExists verifies that a link exists
	diff --git a/integration/network/service_test.go b/integration/network/service_test.go
	index e76a9f0c75..d2498499e2 100644
	--- a/integration/network/service_test.go
	+++ b/integration/network/service_test.go
	@@ -24,6 +24,8 @@ func delInterface(ctx context.Context, t *testing.T, ifName string) {
	testutil.RunCommand(ctx, "ip", "link", "delete", ifName).Assert(t, icmd.Success)
	testutil.RunCommand(ctx, "iptables", "-t", "nat", "--flush").Assert(t, icmd.Success)
	testutil.RunCommand(ctx, "iptables", "--flush").Assert(t, icmd.Success)
	+ testutil.RunCommand(ctx, "/usr/share/cloud/iptables-setup").Assert(t, icmd.Success)
	+ testutil.RunCommand(ctx, "iptables", "-A", "INPUT", "-p", "tcp", "--dport", "22", "-j", "ACCEPT", "-w").Assert(t, icmd.Success)
	}

	func TestDaemonRestartWithLiveRestore(t *testing.T) {