Use correct destination format for IPv6 DNAT rules

antoninbas · antoninbas · commit 9bc251e98db9 · 2025-11-26T17:35:57.000-08:00
Signed-off-by: Antonin Bas &lt;antonin.bas@broadcom.com&gt;
diff --git a/pkg/agent/nodeportlocal/rules/iptable_rule.go b/pkg/agent/nodeportlocal/rules/iptable_rule.go
@@ -20,6 +20,7 @@ package rules
 import (
 	"bytes"
 	"fmt"
+	"net"
 
 	"k8s.io/klog/v2"
 
@@ -95,7 +96,7 @@ func buildRuleForPod(port int, podIP, protocol string) []string {
 
 // AddRule appends a DNAT rule in NodePortLocalChain chain of NAT table.
 func (ipt *iptablesRules) AddRule(nodePort int, podIP string, podPort int, protocol string) error {
-	podAddr := fmt.Sprintf("%s:%d", podIP, podPort)
+	podAddr := net.JoinHostPort(podIP, fmt.Sprint(podPort))
 	rule := buildRuleForPod(nodePort, podAddr, protocol)
 	if err := ipt.table.AppendRule(ipt.protocol, iptables.NATTable, NodePortLocalChain, rule); err != nil {
 		return err
diff --git a/test/e2e/nodeportlocal_test.go b/test/e2e/nodeportlocal_test.go
@@ -19,6 +19,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"net"
 	"regexp"
 	"strconv"
 	"strings"
@@ -202,7 +203,7 @@ func checkNPLRulesForWindowsPod(t *testing.T, data *TestData, r *require.Asserti
 func buildRuleForPod(rule nplRuleData) []string {
 	return []string{
 		"-p", rule.protocol, "-m", rule.protocol, "--dport", fmt.Sprint(rule.nodePort),
-		"-j", "DNAT", "--to-destination", fmt.Sprintf("%s:%d", rule.podIP, rule.podPort),
+		"-j", "DNAT", "--to-destination", net.JoinHostPort(rule.podIP, fmt.Sprint(rule.podPort)),
 	}
 }
 
