0

我正在尝试使用calico-script删除所有与 calico 相关的 Iptables 。运行此脚本后,大部分 calico iptables 将被删除,但以下除外:

root@Ubuntu-18-VM:~# iptables -S | grep -oP '(?<!^:)cali-[^ ]+'
cali-FORWARD
cali-INPUT
cali-OUTPUT
cali-cidr-block
cali-from-hep-forward
cali-from-host-endpoint
cali-from-wl-dispatch
cali-from-wl-dispatch-5
cali-fw-cali2847b154969
cali-fw-cali4bb24809f90
cali-fw-cali531f8f2e712
cali-fw-cali5a82b3ff301
cali-pri-_CVSZITRyIpEmH8AB6H
cali-pri-_HayIXLB85hzHkIhWER
cali-pri-_PTRGc0U-L5Kz7V6ERW
cali-pri-_u2Tn2rSoAPffvE7JO6
cali-pri-kns.kube-system
cali-pro-_CVSZITRyIpEmH8AB6H
cali-pro-_HayIXLB85hzHkIhWER
cali-pro-_PTRGc0U-L5Kz7V6ERW
cali-pro-_u2Tn2rSoAPffvE7JO6
cali-pro-kns.kube-system
cali-to-hep-forward
cali-to-host-endpoint
cali-to-wl-dispatch
cali-to-wl-dispatch-5
cali-tw-cali2847b154969
cali-tw-cali4bb24809f90
cali-tw-cali531f8f2e712
cali-tw-cali5a82b3ff301
cali-wl-to-host

总共还剩下31个。我正在尝试在脚本中添加一个 grep 行,该行应该 grep 高于剩余的 31 个条目并删除那些 iptables。但是当我在第 14 行之后添加以下行时

iptables -S | grep -oP '(?<!^:)cali-[^ ]+' | while read line; do iptables -t nat -F $line; done

我出现以下错误 31 次:

iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
.
.
.

如何修复此脚本,以便它也可以 grep 和删除剩余的 31 个 iptables 条目。

4

1 回答 1

1

  1. 删除你的行

  2. 尝试在L36之后添加以下内容

echo 'Cleaning all calico'
for i in `iptables -L |grep cali|awk '{print $2}'`; do iptables -F $i && iptables -X $i;  done

就我而言,在此调整之前,脚本在 242 中留下了 40

iptables -S | grep -oP '(?<!^:)cali-[^ ]+' | wc -l
40

之后:0

# iptables -S | grep -oP '(?<!^:)cali-[^ ]+' | wc -l
242
# ./calico-removal.sh 
Setting default FORWARD action to ACCEPT...
net.ipv4.ip_forward = 1
Starting the flush Calico policy rules...
Make sure calico-node DaemonSet is stopped before this gets executed.
Flushing all the calico iptables chains in the nat table...
Flushing all the calico iptables chains in the raw table...
Flushing all the calico iptables chains in the mangle table...
Flushing all the calico iptables chains in the filter table...
Cleaning up calico rules from the nat table...
Cleaning up calico rules from the raw table...
Cleaning up calico rules from the mangle table...
Cleaning up calico rules from the filter table...
Cleaning all calico

## iptables -S | grep -oP '(?<!^:)cali-[^ ]+' | wc -l
0
于 2021-08-04T13:45:03.027 回答