Author: arkurth
Date: Tue Jul 7 18:48:22 2015
New Revision: 1689723
URL: http://svn.apache.org/r1689723
Log:
VCL-875
Updated Linux.pm::enable_firewall_port to ignore existing multiport rules when
determining if adding a rule is necessary.
Modified:
vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm?rev=1689723&r1=1689722&r2=1689723&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm Tue Jul 7 18:48:22 2015
@@ -3822,6 +3822,8 @@ sub enable_firewall_port {
# Existing rules will be replaced with new rules which
consolidate overlapping scopes
# This helps reduce duplicate rules and the number of
individual rules
push @commands, "iptables -D $chain $rule_number";
+
+ notify($ERRORS{'DEBUG'}, 0, "existing $chain chain rule
$rule_number matches:\n" .
format_data($firewall_configuration->{$chain}{$rule_number}));
}
# Combine all of the existing scopes matching the protocol/port
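Review bot: The added debug message says the existing rule "matches" but not that it has just been queued for removal by the `iptables -D $chain $rule_number` command pushed on the line above. Someone reconstructing firewall changes from the log therefore cannot tell which rules VCL deleted. Wording such as `"existing $chain chain rule $rule_number matches and will be deleted:\n"` would make that explicit. The enclosing loop and the rest of enable_firewall_port lie outside this hunk.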
@@ -4286,6 +4288,14 @@ sub get_firewall_configuration {
next LINE;
}
+ # Ignore multiport rules - VCL code does not configure
any such rules
+ # This can cause the management node to be locked out
+ # See https://issues.apache.org/jira/browse/VCL-875
+ if ($other_parameters =~ /(multiport|dpts:)/) {
+ notify($ERRORS{'DEBUG'}, 0, "ignoring multiport
rule: $line");
+ next LINE;
+ }
+
my ($state) = $other_parameters =~ /state\s+([\w,]+)/i;
$state = '' if !defined($state);
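Review bot: The new check in get_firewall_configuration drops every rule whose parameters contain `multiport` or `dpts:` from the parsed result, so these rules become invisible to every caller, not only to enable_firewall_port. If any caller uses this data to decide which ports are open or which rules to remove (not visible in this hunk), an ACCEPT rule covering a port range would stay in place unnoticed. The comment mentions only multiport rules, so it should also name port ranges, e.g. `# Ignore multiport and port-range (dpts:) rules - they are left in place and are not returned to callers`. The pattern is also unanchored and captures needlessly; `/\b(?:multiport|dpts:)/` would avoid matching inside a longer word. The function body continues outside the hunk.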