Use nftables when we can
nftables content will contain all of iptables - especially starting with cs8, where iptables is a compatibility wrapper for nftables (true name: iptables-nft). In addition, getting a dedicated file for nftables content makes things easier to read, especially with the nftables output (think "json", more or less). Notes: - iptables will still be called if the system can't find the "nft" binary. - this patch will be especially important once [1] gets in, since iptables will NOT see any of the nftables rules. [1] https://review.opendev.org/c/openstack/tripleo-ansible/+/841414 Change-Id: Icba6b51ba5480091adcd2e010c9e34c049216c22
parent
5f1069ba9a
commit
ea02074571
|
@ -14,13 +14,16 @@
|
|||
ip -${ipv} a &>> /var/log/extra/network.txt;
|
||||
echo "### IPv${ipv} routing" >> /var/log/extra/network.txt;
|
||||
ip -${ipv} r &>> /var/log/extra/network.txt;
|
||||
echo "### IPTables (IPv${ipv})" &>> /var/log/extra/network.txt;
|
||||
test $ipv -eq 4 && iptables-save &>> /var/log/extra/network.txt;
|
||||
test $ipv -eq 6 && ip6tables-save &>> /var/log/extra/network.txt;
|
||||
echo "### IPTables Stats (IPv${ipv})" &>> /var/log/extra/network.txt;
|
||||
test $ipv -eq 4 && iptables -vnL &>> /var/log/extra/network.txt;
|
||||
test $ipv -eq 6 && ip6tables -vnL &>> /var/log/extra/network.txt;
|
||||
if [[ ! $(command -v nft) ]]; then
|
||||
echo "### IPTables (IPv${ipv})" &>> /var/log/extra/network.txt;
|
||||
test $ipv -eq 4 && iptables-save &>> /var/log/extra/network.txt;
|
||||
test $ipv -eq 6 && ip6tables-save &>> /var/log/extra/network.txt;
|
||||
echo "### IPTables Stats (IPv${ipv})" &>> /var/log/extra/network.txt;
|
||||
test $ipv -eq 4 && iptables -vnL &>> /var/log/extra/network.txt;
|
||||
test $ipv -eq 6 && ip6tables -vnL &>> /var/log/extra/network.txt;
|
||||
fi
|
||||
done;
|
||||
command -v nft && nft list ruleset &>/var/log/extra/nftables.txt;
|
||||
(for NS in $(ip netns list | cut -f 1 -d " "); do
|
||||
for ipv in 4 6; do
|
||||
echo "==== $NS (${ipv})====";
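Review bot: The fallback at `if [[ ! $(command -v nft) ]]` keys on whether the `nft` binary is installed, not on which backend actually holds the rules, so a host that has `nft` on PATH but still runs legacy xtables rules would likely lose its iptables dump while `nftables.txt` does not show those rules either. Gating on the backend keeps that case in the collected logs, e.g. `if ! iptables -V 2>/dev/null | grep -q nf_tables; then`. Separately, `command -v nft && nft list ruleset ...` prints the resolved path to the script's stdout; `command -v nft >/dev/null && nft list ruleset &>/var/log/extra/nftables.txt;` keeps the output clean. The enclosing `for ipv` loop starts outside the hunk, so how `ipv` is set is not visible here.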
|
||||
|
|