Felix does not resync deleted iptables rule

[hudiehule]

Environment：calico v3.28.2 、single node

Expected Behavior

it looks like a bug. I execute the command "iptables -t nat -D POSTROUTING -j cali-POSTROUTING -m comment --comment "cali:0i8pjzKKPyA34aQD"" ，it should be revovered by felix automatically after several minutes(the value of "IptablesRefreshInterval").

Current Behavior

The cali-POSTROUTING chain is missing in POSTROUTING chain, the pod can not visit outside world.

Possible Solution

Steps to Reproduce (for bugs)

1. Execute the command "iptables -t nat -D POSTROUTING -j cali-POSTROUTING -m comment --comment "cali:0i8pjzKKPyA34aQD""

Context

Your Environment

• Calico version: v3.28.2
• Calico dataplane (iptables, windows etc.) : iptables
• Orchestrator version (e.g. kubernetes, mesos, rkt): kubernetes
• Operating System and version: Linux version 3.10.0-957.el7.x86_64

[fasaxc]

Please try v3.28.3. There was a fix in that area. I tried adding an FV test here but it didn't reproduce the problem. The rule was restored as expected.

If you can still reproduce on v3.28.3 please provide more details of your configuration. Perhaps you're setting the chain insert mode differently or perhaps there's a problem with the resync time setting.

[hudiehule]

Thanks, i tried v3.28.3 and the rule was restored ad expected.