File tree Expand file tree Collapse file tree
scripts/mitigation-scripts/stale-lb-dsr-rules Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -171,6 +171,7 @@ while ($true) {
171171 if ($orphanVfpRules.Count -eq 0 ) {
172172 Write-KustoLog - Level ' Info' - Event ' NoOrphanRules' - Message ' No orphan VFP rules found.'
173173 } else {
174+ $hnsPolicies = Get-HnsPolicyList
174175 foreach ($entry in $orphanVfpRules.Values ) {
175176 $ruleProps = @ {
176177 Port = $entry.Port
@@ -183,7 +184,8 @@ while ($true) {
183184 if (-not (Test-VfpRuleHasMatchingPolicy - port $entry.Port - layer $entry.Layer - group $entry.Group - ruleId $entry.RuleId - hnsPolicies $hnsPolicies )) {
184185 Write-KustoLog - Level ' Warning' - Event ' OrphanRuleNoPolicy' - Message " Rule has no matching HNS policy and is a candidate for removal." - Properties $ruleProps
185186 # Remove the orphan rule
186- # vfpctrl.exe /port $entry.Port /layer $entry.Layer /group $entry.Group /delete-rule /rule $entry.RuleId
187+ vfpctrl / remove-rule / port $entry.Port / layer $entry.Layer / group $entry.Group / rule $entry.RuleId
188+ Write-KustoLog - Level ' Info' - Event ' OrphanRuleRemoved' - Message " Orphan VFP rule removed." - Properties $ruleProps
187189 } else {
188190 Write-KustoLog - Level ' Info' - Event ' OrphanRuleHasPolicy' - Message " Rule has a matching HNS policy and should not be removed." - Properties $ruleProps
189191 }
Original file line number Diff line number Diff line change @@ -183,6 +183,7 @@ data:
183183 if ($orphanVfpRules.Count -eq 0) {
184184 Write-KustoLog -Level 'Info' -Event 'NoOrphanRules' -Message 'No orphan VFP rules found.'
185185 } else {
186+ $hnsPolicies = Get-HnsPolicyList
186187 foreach ($entry in $orphanVfpRules.Values) {
187188 $ruleProps = @{
188189 Port = $entry.Port
@@ -195,7 +196,8 @@ data:
195196 if (-not (Test-VfpRuleHasMatchingPolicy -port $entry.Port -layer $entry.Layer -group $entry.Group -ruleId $entry.RuleId -hnsPolicies $hnsPolicies)) {
196197 Write-KustoLog -Level 'Warning' -Event 'OrphanRuleNoPolicy' -Message "Rule has no matching HNS policy and is a candidate for removal." -Properties $ruleProps
197198 # Remove the orphan rule
198- vfpctrl.exe /port $entry.Port /layer $entry.Layer /group $entry.Group /delete-rule /rule $entry.RuleId
199+ vfpctrl /remove-rule /port $entry.Port /layer $entry.Layer /group $entry.Group /rule $entry.RuleId
200+ Write-KustoLog -Level 'Info' -Event 'OrphanRuleRemoved' -Message "Orphan VFP rule removed." -Properties $ruleProps
199201 } else {
200202 Write-KustoLog -Level 'Info' -Event 'OrphanRuleHasPolicy' -Message "Rule has a matching HNS policy and should not be removed." -Properties $ruleProps
201203 }
@@ -242,9 +244,9 @@ spec:
242244 imagePullPolicy : IfNotPresent
243245 env :
244246 - name : ITERATION_INTERVAL_SECONDS
245- value : " 30 "
247+ value : " 60 "
246248 - name : PASS2_DELAY_SECONDS
247- value : " 10 "
249+ value : " 120 "
248250 command :
249251 - powershell.exe
250252 - -File
You can’t perform that action at this time.
0 commit comments