fix: warn instead of error when IP forwarding fails in containers

Downgrade the IP forwarding failure from an error to a warning,
as this is expected in containers with a read-only filesystem.
IP forwarding should be set at the host level, not inside a container.
Update comments to reflect this expectation and improve log clarity.
gyurix
2026-06-15 12:21:12 +02:00
parent e5e19835f9
commit c6ae1748cf
2 changed files with 7 additions and 4 deletions
+4 -3
@@ -38,10 +38,11 @@ func (o *Orchestrator) ReconcileAll(ctx context.Context, cfg *config.NetworksCon
// Update resolver with latest config
o.resolver.SetConfig(cfg)
// Step 0: Enable IP forwarding
log.Println("FIREWALL: enabling IP forwarding")
// Step 0: Enable IP forwarding (may fail in containers with read-only fs)
if err := o.iptablesMgr.EnsureIPForward(); err != nil {
log.Printf("FIREWALL: ERROR enabling ip_forward: %v", err)
log.Printf("FIREWALL: WARNING could not enable ip_forward: %v", err)
} else {
log.Println("FIREWALL: IP forwarding enabled")
}
// Step 1: Ensure all defined networks exist
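Review bot: The warning branch after `o.iptablesMgr.EnsureIPForward()` treats every failure as the expected read-only-filesystem case, so a permission problem or a host where forwarding is really off is logged at the same low severity, and anything alerting on `FIREWALL: ERROR` no longer sees it. I would downgrade only when the cause is known to be benign, for example `if errors.Is(err, syscall.EROFS) { log.Printf("FIREWALL: WARNING could not enable ip_forward (read-only fs; set net.ipv4.ip_forward=1 on the host): %v", err) }`, and keep the `ERROR` line for every other error. This assumes EnsureIPForward returns or wraps the underlying errno, which is not visible in this hunk. It would also help to log whether forwarding is currently enabled, since the steps that follow presumably rely on it. ReconcileAll starts and ends outside the hunk.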