test(iperf): install iptables rule inside of container (#9880)

In Docker environments, applying iptables rules to filter container-container traffic on the Docker bridged network is not reliable, leading to direct connections being established in our relayed tests. To fix this, we insert the rules directly from the client container itself. --------- Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
2026-01-27 18:18:55 +00:00 · 2025-07-16 18:29:33 +08:00
parent 2fd56fb7ae
commit cf2470ba1e
5 changed files with 31 additions and 10 deletions
--- a/scripts/tests/lib.sh
+++ b/scripts/tests/lib.sh
@@ -19,14 +19,11 @@ function relay2() {
 }

 function install_iptables_drop_rules() {
-    sudo iptables -I FORWARD 1 -s 172.28.0.100 -d 172.28.0.105 -j DROP
-    sudo iptables -I FORWARD 1 -s 172.28.0.105 -d 172.28.0.100 -j DROP
-    trap remove_iptables_drop_rules EXIT # Cleanup after us
-}
+    # Install `iptables` to have it available in the compatibility tests
+    docker compose exec -it client /bin/sh -c 'apk add iptables'

-function remove_iptables_drop_rules() {
-    sudo iptables -D FORWARD -s 172.28.0.100 -d 172.28.0.105 -j DROP
-    sudo iptables -D FORWARD -s 172.28.0.105 -d 172.28.0.100 -j DROP
+    # Execute within the client container because doing so from the host is not reliable in CI.
+    docker compose exec -it client /bin/sh -c 'iptables -A OUTPUT -d 172.28.0.105 -j DROP'
 }

 function client_curl_resource() {