Matanya has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/223540

Change subject: poolcounter: don't track connections on the firewall
......................................................................

poolcounter: don't track connections on the firewall

Change-Id: I18621798d1ad9b13b7dc05cbcbea67011f4564cd
---
M manifests/role/poolcounter.pp
1 file changed, 16 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/40/223540/1

diff --git a/manifests/role/poolcounter.pp b/manifests/role/poolcounter.pp
index d2a19c4..28755be 100644
--- a/manifests/role/poolcounter.pp
+++ b/manifests/role/poolcounter.pp
@@ -23,4 +23,20 @@
         port   => '7531',
         srange => '$ALL_NETWORKS',
     }
+
+    ferm::rule { 'skip_poolcounter_conntrack-out':
+        desc  => 'Skip poolcounter outgoing connection tracking',
+        table => 'raw',
+        chain => 'OUTPUT',
+        rule  => 'proto tcp sport 7531 NOTRACK;',
+    }
+
+    ferm::rule { 'skip_poolcounter_conntrack-in':
+        desc  => 'Skip poolcounter incoming connection tracking',
+        table => 'raw',
+        chain => 'PREROUTING',
+        rule  => 'proto tcp sport 7531 NOTRACK;',
+    }
+
+
 }
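
Review bot: The PREROUTING rule in 'skip_poolcounter_conntrack-in' matches `sport 7531`, the same as the OUTPUT rule, but packets arriving for the service declared just above with `port => '7531'` carry 7531 as their destination port, so client-to-server traffic would not match and would still be tracked. Consider `rule => 'proto tcp dport 7531 NOTRACK;'` for the incoming rule and keep `sport 7531` on OUTPUT for the replies. Because untracked packets carry no conntrack state, please also confirm that replies from port 7531 are not expected to pass through a state-based (ESTABLISHED/RELATED) accept rule. The commit message would benefit from a line on why tracking is being skipped for this service, and the two blank `+` lines before the closing brace can be dropped.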

-- 
To view, visit https://gerrit.wikimedia.org/r/223540
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I18621798d1ad9b13b7dc05cbcbea67011f4564cd
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Matanya <mata...@foss.co.il>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
