// startRejecting adds a rule to the "filter" table that REJECTs TCP
// traffic destined for the updated service's IP and port. On success it
// returns a rejecting state wrapping a callback that deletes the same
// rule; if the rule cannot be added, the error from addRule is returned
// and no state is created.
//
// The rule is assembled as a list of separate elements rather than one
// concatenated command string.
// NOTE(review): confirm addRule hands these elements to the firewall tool
// as individual arguments and never through a shell, since upd.IP() and
// upd.Port come from the service update.
func (svc *service) startRejecting(upd model.ServiceUpdate) (serviceState, error) {
	rejectRule := []interface{}{
		"-p", "tcp",
		"-d", upd.IP(),
		"--dport", upd.Port,
		"-j", "REJECT",
	}

	if err := svc.config.addRule("filter", rejectRule); err != nil {
		return nil, err
	}

	// NOTE(review): nothing returned by deleteRule is inspected here. If it
	// can report a failure, that failure is dropped and the REJECT rule
	// would stay installed after the state is torn down — confirm.
	removeRule := func() {
		svc.config.deleteRule("filter", rejectRule)
	}
	return rejecting(removeRule), nil
}
// startForwarding opens a TCP listener on the bridge IP, adds a "nat"
// table DNAT rule that rewrites traffic for the service's IP and port to
// that listener's address, and starts a forwarding state running in its
// own goroutine. The forwarding state is returned on success.
//
// If obtaining the bridge IP, opening the listener or adding the rule
// fails, the error is returned; the listener, once opened, is closed on
// every path that does not reach the final hand-off.
func (svc *service) startForwarding(upd model.ServiceUpdate) (serviceState, error) {
	addr, err := svc.config.bridgeIP()
	if err != nil {
		return nil, err
	}

	// No port is set in the TCPAddr, so the OS assigns one; the DNAT rule
	// below reads the resulting address back from the listener.
	// NOTE(review): ListenTCP binds every local address when the IP is nil
	// or unspecified — presumably bridgeIP never returns that alongside a
	// nil error; confirm, since it would expose the listener beyond the
	// bridge.
	ln, err := net.ListenTCP("tcp", &net.TCPAddr{IP: addr})
	if err != nil {
		return nil, err
	}

	// Ownership of the listener passes to the forwarding state only at the
	// very end; until then this deferred call releases it.
	handedOff := false
	defer func() {
		if handedOff {
			return
		}
		ln.Close()
	}()

	// Built as separate elements rather than one command string.
	// NOTE(review): confirm addRule never routes these through a shell.
	dnatRule := []interface{}{
		"-p", "tcp",
		"-d", upd.IP(),
		"--dport", upd.Port,
		"-j", "DNAT",
		"--to-destination", ln.Addr(),
	}
	if err := svc.config.addRule("nat", dnatRule); err != nil {
		return nil, err
	}

	// The rule is stored on the state alongside the listener.
	// NOTE(review): presumably so the state can delete it when it stops —
	// confirm in forwarding's teardown, otherwise the DNAT rule outlives
	// the listener.
	state := &forwarding{
		ServiceInfo: upd.ServiceInfo,
		service:     svc,
		listener:    ln,
		rule:        dnatRule,
		stopCh:      make(chan struct{}),
	}
	state.chooseShim()
	go state.run()

	handedOff = true
	return state, nil
}