adjust pinned path

QxBytes · QxBytes · commit e3bc5f6fbc3d · 2025-08-26T11:31:13.000-07:00
diff --git a/azure-iptables-monitor/README.md b/azure-iptables-monitor/README.md
@@ -33,7 +33,7 @@ Follow the steps below to build and run the program:
     - The `-events` flag enables Kubernetes event creation for rule violations. Default: `false`
     - The `-ipv6` flag enables IPv6 ip6tables monitoring using the IPv6 allowlists. Default: `false`
     - The `-checkMap` flag enables checking the pinned bpf map specified in mapPath for increases. Default: `false`
-    - The `-mapPath` flag specifies the pinned bpf map path to check. Default: `/block-iptables/iptables_block_event_counter`
+    - The `-mapPath` flag specifies the pinned bpf map path to check. Default: `/azure-block-iptables/iptables_block_event_counter`
     - The program must be in a k8s environment and `NODE_NAME` must be a set environment variable with the current node.
 
 5. The program will set the `kubernetes.azure.com/user-iptables-rules` label to `true` on the specified ciliumnode resource if unexpected rules are found, or `false` if all rules match expected patterns. Proper RBAC is required for patching (patch for ciliumnodes, create for events, get for nodes).
diff --git a/azure-iptables-monitor/iptables_monitor.go b/azure-iptables-monitor/iptables_monitor.go
@@ -34,7 +34,7 @@ var (
 	sendEvents    = flag.Bool("events", false, "Whether to send node events if unexpected iptables rules are detected")
 	ipv6Enabled   = flag.Bool("ipv6", false, "Whether to check ip6tables using the ipv6 allowlists")
 	checkMap      = flag.Bool("checkMap", false, "Whether to check the bpf map at mapPath for increases")
-	pinPath       = flag.String("mapPath", "/block-iptables/iptables_block_event_counter", "Path to pinned bpf map")
+	pinPath       = flag.String("mapPath", "/azure-block-iptables/iptables_block_event_counter", "Path to pinned bpf map")
 )
 
 const label = "kubernetes.azure.com/user-iptables-rules"
diff --git a/bpf-prog/azure-block-iptables/pkg/bpfprogram/program.go b/bpf-prog/azure-block-iptables/pkg/bpfprogram/program.go
@@ -18,7 +18,7 @@ import (
 
 const (
 	// BPFMapPinPath is the directory where BPF maps are pinned
-	BPFMapPinPath = "/sys/fs/bpf/block-iptables"
+	BPFMapPinPath = "/sys/fs/bpf/azure-block-iptables"
 	// EventCounterMapName is the name used for pinning the event counter map
 	EventCounterMapName = "iptables_block_event_counter"
 	// IptablesLegacyBlockProgramName is the name used for pinning the legacy iptables block program

Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ var (`
`34`	`34`	`sendEvents = flag.Bool("events", false, "Whether to send node events if unexpected iptables rules are detected")`
`35`	`35`	`ipv6Enabled = flag.Bool("ipv6", false, "Whether to check ip6tables using the ipv6 allowlists")`
`36`	`36`	`checkMap = flag.Bool("checkMap", false, "Whether to check the bpf map at mapPath for increases")`
`37`		`- pinPath = flag.String("mapPath", "/block-iptables/iptables_block_event_counter", "Path to pinned bpf map")`
	`37`	`+ pinPath = flag.String("mapPath", "/azure-block-iptables/iptables_block_event_counter", "Path to pinned bpf map")`
`38`	`38`	`)`
`39`	`39`
`40`	`40`	`const label = "kubernetes.azure.com/user-iptables-rules"`