Sam Corbett created BROOKLYN-41:
-----------------------------------

             Summary: openIptables config appears to customise entries for requested ports, not assigned
                 Key: BROOKLYN-41
                 URL: https://issues.apache.org/jira/browse/BROOKLYN-41
             Project: Brooklyn
          Issue Type: Bug
            Reporter: Sam Corbett


I set the openIptables config option on a location and deployed an app with one 
Java app and seven Redis databases.

I expected Brooklyn to configure the Iptables firewall with an entry for each 
Redis database port, but instead saw only one entry. My guess is that it's 
customising based on the requested ports, not those that were assigned.

Output from the server:
{code}
[sam@brooklyn-muyh-sam-margini-i1lw-redis-and-datafu-rxek-ac1 ~]$ ps aux | grep redis
sam       8153  0.0  0.0 137344  7256 ?        Ssl  16:51   0:00 ./bin/redis-server *:6383
sam       8173  0.0  0.0 137344  7380 ?        Ssl  16:51   0:00 ./bin/redis-server *:6382
sam       8499  0.0  0.0 137344  7348 ?        Ssl  16:51   0:00 ./bin/redis-server *:6380
sam       8641  0.0  0.0 137344  7376 ?        Ssl  16:51   0:00 ./bin/redis-server *:6385
sam       9362  0.0  0.0 137344  7256 ?        Ssl  16:51   0:00 ./bin/redis-server *:6379
sam       9547  0.0  0.0 137344  7380 ?        Ssl  16:52   0:00 ./bin/redis-server *:6381
sam      10043  0.0  0.0 137344  7380 ?        Ssl  16:52   0:00 ./bin/redis-server *:6384
sam      17293  0.0  0.0 103248   840 pts/0    S+   17:02   0:00 grep redis

[sam@brooklyn-muyh-sam-margini-i1lw-redis-and-datafu-rxek-ac1 ~]$ sudo service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:1099
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:31001
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:61616
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:6379
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
6    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
7    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

[sam@brooklyn-muyh-sam-margini-i1lw-redis-and-datafu-rxek-ac1 ~]$
{code}

I would expect six more entries of the form 'tcp dpt:6379' for ports 6380-6385.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
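
A check an operator could run over the same two outputs to list listening Redis ports that have no reachable ACCEPT rule. This is an added example, not part of the original report or of Brooklyn's code; the sample text is constructed from the output above and the function names are hypothetical. It goes slightly beyond the reported case by handling `dpts:` ranges and by stopping at a catch-all REJECT.

```python
import re

# Constructed sample input, modelled on the output quoted in the report.
PS_SAMPLE = """\
sam  9362  0.0  0.0 137344  7256 ?     Ssl  16:51   0:00 ./bin/redis-server *:6379
sam  8499  0.0  0.0 137344  7348 ?     Ssl  16:51   0:00 ./bin/redis-server *:6380
sam  8641  0.0  0.0 137344  7376 ?     Ssl  16:51   0:00 ./bin/redis-server *:6385
sam 17293  0.0  0.0 103248   840 pts/0 S+   17:02   0:00 grep redis
"""
IPTABLES_SAMPLE = """\
Chain INPUT (policy ACCEPT)
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:6379
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
3    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:6385
Chain FORWARD (policy ACCEPT)
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:6380
"""
RULE = re.compile(r"\s*\d+\s+(\S+)\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)\s*(.*)")
ANY = "0.0.0.0/0"

def redis_ports(ps_text):
    """Ports taken from 'redis-server *:PORT' command lines."""
    return sorted({int(p) for p in re.findall(r"redis-server \*:(\d+)", ps_text)})

def accepted_tcp_ports(status_text, chain="INPUT"):
    """TCP destination ports accepted from any source in `chain`, in rule order."""
    ports, in_chain = set(), False
    for line in status_text.splitlines():
        if line.startswith("Chain "):
            in_chain = line.split()[1] == chain
            continue
        m = RULE.match(line)
        if not (in_chain and m):
            continue
        target, proto, src, dst, extra = m.groups()
        # First match wins: nothing after a catch-all REJECT/DROP is reachable.
        if target in ("REJECT", "DROP") and (proto, src, dst) == ("all", ANY, ANY) \
                and not re.sub(r"reject-with \S+", "", extra).strip():
            break
        # No dpt match: skipped, since this listing hides -i interface matches.
        d = re.search(r"dpts?:(\d+)(?::(\d+))?", extra)
        if target == "ACCEPT" and proto == "tcp" and src == ANY and d:
            ports.update(range(int(d.group(1)), int(d.group(2) or d.group(1)) + 1))
    return ports

def unopened_ports(ps_text, status_text):
    """Listening Redis ports with no reachable ACCEPT rule in INPUT."""
    return sorted(set(redis_ports(ps_text)) - accepted_tcp_ports(status_text))
```
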
