Refactor iptables chain detection to centralize and default to DOCKER-USER
continuous-integration/drone/push Build is passing
continuous-integration/drone/push Build is passing
Move chain detection logic from firewall to iptables manager for better encapsulation. The manager now auto-detects both the iptables binary and chain (DOCKER-USER or FORWARD) based on the presence of the Docker-managed chain, but always defaults to DOCKER-USER for consistency. This simplifies firewall code and ensures proper Docker integration regardless of iptables version.
This commit is contained in:
gyurix
@@ -163,6 +163,11 @@ func (m *MockIPTablesManager) Binary() string {
|
||||
return m.BinaryResult
|
||||
}
|
||||
|
||||
func (m *MockIPTablesManager) Chain() string {
|
||||
// Default to DOCKER-USER (matches production behavior)
|
||||
return "DOCKER-USER"
|
||||
}
|
||||
|
||||
func (m *MockIPTablesManager) EnsureIPForward() error {
|
||||
m.EnsureIPForwardCalled = true
|
||||
return m.EnsureIPForwardErr
|
||||
|
||||
Reference in New Issue
Block a user