Also reconcile destination prefixes

config/crd/bases/metal-stack.io_firewalls.yaml

@@ -45,10 +45,6 @@ spec:
           spec:
             description: FirewallSpec defines the desired state of Firewall
             properties:
-              logAcceptedConnections:
-                description: LogAcceptedConnections if set to true, also log accepted connections
-                  in the droptailer log
-                type: boolean
               controllerURL:
                 description: ControllerURL points to the downloadable binary artifact
                   of the firewall controller
@@ -131,6 +127,10 @@ spec:
                 description: TrafficControl defines where to store the generated ipv4
                   firewall rules on disk
                 type: string
+              logAcceptedConnections:
+                description: LogAcceptedConnections if set to true, also log accepted
+                  connections in the droptailer log
+                type: boolean
               rateLimits:
                 description: RateLimits allows configuration of rate limit rules for
                   interfaces.

controllers/crd/crd.go

@@ -24,7 +24,7 @@ import (
 	"context"
 	"errors"
 	"io"
-	"io/ioutil"
+	"io/fs"
 	"os"
 	"path/filepath"
 	"time"
@@ -287,7 +287,7 @@ func renderCRDs(options *InstallOptions) ([]runtime.Object, error) {
 	var (
 		err   error
 		info  os.FileInfo
-		files []os.FileInfo
+		files []fs.DirEntry
 	)
 
 	type GVKN struct {
@@ -308,9 +308,9 @@ func renderCRDs(options *InstallOptions) ([]runtime.Object, error) {
 		}
 
 		if !info.IsDir() {
-			filePath, files = filepath.Dir(path), []os.FileInfo{info}
+			filePath, files = filepath.Dir(path), []fs.DirEntry{fs.FileInfoToDirEntry(info)}
 		} else {
-			if files, err = ioutil.ReadDir(path); err != nil {
+			if files, err = os.ReadDir(path); err != nil {
 				return nil, err
 			}
 		}
@@ -376,7 +376,7 @@ func readCRD(name string, b []byte) ([]*unstructured.Unstructured, error) {
 }
 
 // readCRDs reads the CRDs from files and Unmarshals them into structs
-func readCRDs(basePath string, files []os.FileInfo) ([]*unstructured.Unstructured, error) {
+func readCRDs(basePath string, files []os.DirEntry) ([]*unstructured.Unstructured, error) {
 	var crds []*unstructured.Unstructured
 
 	// White list the file extensions that may contain CRDs

controllers/firewall_controller.go

@@ -426,7 +426,7 @@ func (r *FirewallReconciler) updateStatus(ctx context.Context, f firewallv1.Fire
 	idsStats := firewallv1.IDSStatsByDevice{}
 	if r.EnableIDS { // checks the CLI-flag
 		s := suricata.New()
-		ss, err := s.InterfaceStats()
+		ss, err := s.InterfaceStats(ctx)
 		if err != nil {
 			return err
 		}

go.mod

@@ -8,9 +8,9 @@ require (
 	github.com/google/nftables v0.0.0-20220422151220-76ed01e300f2
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/ks2211/go-suricata v0.0.0-20200823200910-986ce1470707
-	github.com/metal-stack/metal-go v0.16.6
-	github.com/metal-stack/metal-lib v0.9.0
-	github.com/metal-stack/metal-networker v0.8.3
+	github.com/metal-stack/metal-go v0.18.5
+	github.com/metal-stack/metal-lib v0.9.2
+	github.com/metal-stack/metal-networker v0.8.4-0.20220704141339-c6176dbf0e2d
 	github.com/metal-stack/v v1.0.3
 	github.com/txn2/txeh v1.3.0
 	github.com/vishvananda/netlink v1.1.0
@@ -38,7 +38,7 @@ require (
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect
 	github.com/go-openapi/loads v0.21.1 // indirect
-	github.com/go-openapi/spec v0.20.5 // indirect
+	github.com/go-openapi/spec v0.20.6 // indirect
 	github.com/go-openapi/strfmt v0.21.2 // indirect
 	github.com/go-openapi/swag v0.21.1 // indirect
 	github.com/go-openapi/validate v0.21.0 // indirect
@@ -70,16 +70,14 @@ require (
 	github.com/prometheus/procfs v0.7.3 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect
-	go.mongodb.org/mongo-driver v1.9.0 // indirect
+	go.mongodb.org/mongo-driver v1.9.1 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.8.0 // indirect
 	go.uber.org/zap v1.21.0 // indirect
-	go4.org/intern v0.0.0-20220301175310-a089fc204883 // indirect
-	go4.org/unsafe/assume-no-moving-gc v0.0.0-20211027215541-db492cf91b37 // indirect
-	golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 // indirect
-	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect
-	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
-	golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 // indirect
+	golang.org/x/net v0.0.0-20220622184535-263ec571b305 // indirect
+	golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2 // indirect
+	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f // indirect
+	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
 	golang.org/x/term v0.0.0-20220411215600-e5f449aeb171 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
@@ -88,8 +86,7 @@ require (
 	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
-	inet.af/netaddr v0.0.0-20211027220019-c74959edd3b6 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/component-base v0.23.6 // indirect
 	k8s.io/klog/v2 v2.60.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect