Alex Stockinger
The idea of using ipsets sounds great! I think this PR here might even be a nice step towards that direction by introducing the distinction between the two iptables rules...
We just ran a small test against a cluster running this PR (plus the [metrics PR](https://github.com/squat/kilo/pull/323) for observability) and this is what it looks like in Grafana :heart_eyes: The...
> @dajudge what's the status of this PR? Is it ready for a final review so we can merge and maybe include in a Kilo 0.6.0? :heart_eyes_cat:

Yes. We've been...
Can confirm that it's doing what it's supposed to do on a test cluster: the `DROP` rule is not present on the `INPUT` filter chain.
e2e tests maybe also affected by this? https://github.com/squat/kilo/pull/317#issuecomment-1169766769
Resolved some merge conflicts.
Thanks for your feedback, @cpuguy83! Please let me know if there's something I can do to help move this forward!
Hi @cpuguy83, many thanks for your input! Disclaimer: I'm far from being an expert on the nitty gritty networking layer details that are involved here, so please bear with me...
@corhere @cpuguy83 Thanks for having a closer look! So I picked up your idea of a more generic `--default-network-opt` param and hacked together an experiment to see what it'd feel...
> The PR title and description could use an update given the expanded scope.

@corhere I updated title and desc. Please let me know if you feel that there's room...