Since the preforward hook rewrites the destination port from the public port to the private port, we have to make sure the firewall rules written for the public port are still applied. For that, when we create the firewall rule sets, we generate a new copy of the sets with the public port replaced by the private port. That alone is not enough, because the rewritten rules must apply only to packets that came through the load balancer. For that, the load balancer marks its packets, and we match the marked packets in the forward hook. Since the load balancer and the firewall now work together, we also have to make sure the firewall rules are regenerated when a node is added or removed; we catch those events in the DNS update or destroy sequence.
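The rule rewriting described above, as an added example that is not the project's own code: it takes firewall rules written against the public port plus the load balancer's public-to-private port mappings (the mark value, the rule/mapping structures and the generated nft syntax are assumptions), emits the forward-hook copies that match only marked packets, and is pure, so re-running it on the updated mappings after a node is added or removed yields the new rule set.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class FirewallRule:
    proto: str               # "tcp" or "udp"
    dport: int               # public port the operator wrote the rule for
    source: Optional[str]    # CIDR, or None for any source
    action: str              # "accept" or "drop"

@dataclass(frozen=True)
class LbMapping:
    proto: str
    public_port: int
    private_port: int
    mark: int                # packet mark the load balancer sets (assumed value)

def nft_forward_rule(rule: FirewallRule, mark: int, port: int) -> str:
    """One forward-hook rule: same source/action, private port, marked only."""
    src = f"ip saddr {rule.source} " if rule.source else ""
    return f"meta mark {mark:#x} {src}{rule.proto} dport {port} {rule.action}"

def rewrite_for_lb(rules: List[FirewallRule], mappings: List[LbMapping]) -> List[str]:
    """Copy of the firewall rules with public port -> private port, restricted
    to packets carrying the load balancer's mark. Rules for ports that are not
    load-balanced are left out here; they stay in the normal rule set."""
    by_key = {(m.proto, m.public_port): m for m in mappings}
    out = []
    for r in rules:                      # preserve operator ordering
        m = by_key.get((r.proto, r.dport))
        if m is not None:
            out.append(nft_forward_rule(r, m.mark, m.private_port))
    return out

def render_table(rules: List[FirewallRule], mappings: List[LbMapping]) -> str:
    """Assumed layout: prerouting marks + DNATs, forward filters marked packets."""
    pre = [f"{m.proto} dport {m.public_port} meta mark set {m.mark:#x} "
           f"dnat to :{m.private_port}" for m in mappings]
    fwd = rewrite_for_lb(rules, mappings)
    chain = lambda name, hook, body: (
        f"  chain {name} {{\n    type {'nat' if hook == 'prerouting' else 'filter'} "
        f"hook {hook} priority 0;\n" + "".join(f"    {l}\n" for l in body) + "  }\n")
    return ("table ip lb {\n" + chain("pre", "prerouting", pre)
            + chain("fwd", "forward", fwd) + "}\n")

# Constructed sample: two rules for public port 80, one for a non-LB port.
SAMPLE_RULES = [FirewallRule("tcp", 80, "10.0.0.0/8", "accept"),
                FirewallRule("tcp", 80, None, "drop"),
                FirewallRule("tcp", 22, None, "accept")]
SAMPLE_MAPS = [LbMapping("tcp", 80, 8080, 0x1)]
```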