Alexandros Kosiaris has submitted this change and it was merged.

Change subject: ferm: NOTRACK needs to be applied on raw table
......................................................................


ferm: NOTRACK needs to be applied on raw table

Fix bug where NOTRACK was applied on the filter table instead of the raw
table. Also, NOTRACK in this context needs to be applied to the
PREROUTING chain and not the INPUT chain.

Bug: T104996
Change-Id: I7077050dc517e6745e9bc36b9709fbee77c308b5
---
M modules/ferm/files/functions.conf
1 file changed, 6 insertions(+), 2 deletions(-)

Approvals:
  Alexandros Kosiaris: Verified; Looks good to me, approved



diff --git a/modules/ferm/files/functions.conf 
b/modules/ferm/files/functions.conf
index 214f6d4..aec786f 100644
--- a/modules/ferm/files/functions.conf
+++ b/modules/ferm/files/functions.conf
@@ -13,7 +13,11 @@
 
 # Exempt service from connection tracking (for high traffic services)
 @def &NO_TRACK($proto, $port) = {
-       domain (ip ip6) chain INPUT {
-               proto $proto dport $port NOTRACK;
+       domain (ip ip6) {
+               table raw {
+                       chain PREROUTING {
+                               proto $proto dport $port NOTRACK;
+                       }
+               }
        }
 }
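
Review bot: The new `chain PREROUTING` block inside `table raw` matches only inbound packets by `dport $port`, so the replies this host generates for the service never hit a NOTRACK rule; with the inbound side untracked, conntrack will see those replies as new flows and still create entries for them, which undercuts the "high traffic" goal stated in the comment. Consider adding the mirror rule in the same `table raw` block, for example `chain OUTPUT { proto $proto sport $port NOTRACK; }`. It would also help to extend the comment above `@def &NO_TRACK` to say that untracked packets will not match state-based accepts (ESTABLISHED/RELATED) in the filter table, so a caller of `&NO_TRACK` needs an explicit accept rule for the same `$proto`/`$port`.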

-- 
To view, visit https://gerrit.wikimedia.org/r/230052

Gerrit-MessageType: merged
Gerrit-Change-Id: I7077050dc517e6745e9bc36b9709fbee77c308b5
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits